Homepage

tools.jackson.core:jackson-core@3.0.0-rc9 vulnerabilities

  • latest version

    3.1.0

  • latest non vulnerable version

    3.1.0

  • first published

    1 years ago

  • latest version published

    20 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the tools.jackson.core:jackson-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Allocation of Resources Without Limits or Throttling

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in ReaderBasedJsonParser.java and UTF8DataInputJsonParser.java, when processing deeply nested data. A regression in 3.0 versions caused the StreamReadConstraints.maxNestingDepth setting for DataInput to not be checked, allowing resources to be overwhelmed by malicious inputs.

    How to fix Allocation of Resources Without Limits or Throttling?

    Upgrade tools.jackson.core:jackson-core to version 3.1.0 or higher.

    [3.0.0-rc1,3.1.0)
    Go back to all versions of this package