Improper Input Validation Affecting org.codehaus.jackson:jackson-mapper-asl package, versions [0,]


Severity

Recommended: 0.0 (critical), on a 0 to 10 scale

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
2.06% (89th percentile)

  • Snyk ID: SNYK-JAVA-ORGCODEHAUSJACKSON-3326362
  • Published: 1 Mar 2023
  • Disclosed: 24 May 2022
  • Credit: Unknown

Introduced: 24 May 2022

CVE-2019-10202
CWE-502

How to fix?

There is no fixed version for org.codehaus.jackson:jackson-mapper-asl.

Overview

org.codehaus.jackson:jackson-mapper-asl is a high-performance data binding package built on the Jackson JSON processor.

Affected versions of this package are vulnerable to Improper Input Validation, which results in several instances of deserialization of untrusted data. This issue is parallel to vulnerabilities reported and fixed in jackson-databind (CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086). Although no fix is available for codehaus, this vulnerability can be remediated by using a fixed version of jackson-databind.
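Because every version is listed as affected, the practical check is whether the coordinates appear in a build at all. The following is an added example (not Snyk's or the Jackson project's code): a Python check that finds declarations of the affected coordinates in a Maven `pom.xml` and resolves a locally defined version property. The sample POM, its version value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Coordinates named in this advisory; every version is listed as affected.
AFFECTED = ("org.codehaus.jackson", "jackson-mapper-asl")

# Constructed sample POM for illustration (not from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson1.version>1.9.13</jackson1.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.codehaus.jackson</groupId>
      <artifactId>jackson-mapper-asl</artifactId>
      <version>${jackson1.version}</version>
    </dependency>
    <dependency><groupId>org.example</groupId><artifactId>other-lib</artifactId><version>1.0</version></dependency>
  </dependencies>
</project>"""

def _local(tag):
    """Strip the Maven XML namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]

def _child(elem, name):
    """Text of the first direct child called `name`, or None."""
    for c in elem:
        if _local(c.tag) == name:
            return (c.text or "").strip()
    return None

def find_affected(pom_xml):
    """Return the declared version of each affected dependency entry."""
    root = ET.fromstring(pom_xml)  # intended for your own build files
    props = {_local(p.tag): (p.text or "").strip()
             for e in root if _local(e.tag) == "properties" for p in e}
    hits = []
    for dep in root.iter():  # covers dependencies and dependencyManagement
        if _local(dep.tag) != "dependency":
            continue
        if (_child(dep, "groupId"), _child(dep, "artifactId")) != AFFECTED:
            continue
        version = _child(dep, "version")
        if version and version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1], version)  # resolve local property
        hits.append(version or "(managed or inherited)")
    return hits

if __name__ == "__main__":
    for v in find_affected(SAMPLE_POM):
        print("affected dependency %s:%s version %s" % (AFFECTED + (v,)))
```

This only sees declarations in the file it is given; a copy pulled in transitively by another dependency appears in the output of `mvn dependency:tree` instead.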

CVSS Scores

version 3.1