CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. #63

Closed
xlfe opened this issue Mar 23, 2022 · 1 comment

Comments

xlfe commented Mar 23, 2022

This seems to have been given a rating of High 7.5.

Request to bump jackson-databind once FasterXML/jackson-databind#2816 is merged

FasterXML/jackson-databind#2816
GHSA-57j2-w4cx-62h2
opensearch-project/anomaly-detection#436

Member

Deraen commented Dec 19, 2022

0.3.7 uses 2.14.0+ where this is fixed.

Deraen closed this as completed Dec 19, 2022