tools.jackson.core:jackson-core@3.0.0-rc4

  • latest version

    3.2.0

  • latest non vulnerable version

  • first published

    1 years ago

  • latest version published

    26 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the tools.jackson.core:jackson-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Allocation of Resources Without Limits or Throttling

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the enforcement of document length constraints in blocking, async, and DataInput parser processes. An attacker can cause excessive resource consumption by submitting oversized JSON documents that bypass configured size limits.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade tools.jackson.core:jackson-core to version 3.1.1 or higher.

    [,3.1.1)
    • H
    Allocation of Resources Without Limits or Throttling

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in ReaderBasedJsonParser.java and UTF8DataInputJsonParser.java, when processing deeply nested data. A regression in 3.0 versions caused the StreamReadConstraints.maxNestingDepth setting for DataInput to not be checked, allowing resources to be overwhelmed by malicious inputs.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade tools.jackson.core:jackson-core to version 3.1.0 or higher.

    [3.0.0-rc1,3.1.0)