[CASSANDRA-18630] jackson-databind-2.13.2.2.jar vulnerability: CVE-2023-35116 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.0.30, 3.11.16, 4.0.11, 4.1.3, 5.0-alpha1, 5.0
Component/s: Dependencies
Labels:
None

Bug Category:
Security - Denial of Service
Severity:
Normal
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

NA
Source Control Link:

https://github.com/apache/cassandra/commit/de7b1584f888eb6acc7d10602e302475169472bb
Test and Documentation Plan:

Hide

run CI

Show
run CI

Description

https://nvd.nist.gov/vuln/detail/CVE-2023-35116

 An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that the product is not intended for use with untrusted input.

Attachments

Activity

People

Assignee:: Brandon Williams

Reporter:: Brandon Williams

Authors:: Brandon Williams

Reviewers:: Berenguer Blasi

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 27/Jun/23 11:31

Updated:: 12/Sep/23 13:02

Resolved:: 28/Jun/23 11:08