CVE-2021-46877
on github
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
N/A
Description
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:fastxml:jackson-databind:*:*:*:*:*:*:*:* | 2.10.0 (including) | 2.12.6 | * |
cpe:2.3:a:fastxml:jackson-databind:2.13.0:rc1:*:*:*:*:*:* | n/a | n/a | 2.13.0 |
cpe:2.3:a:fastxml:jackson-databind:2.13.0:rc2:*:*:*:*:*:* | n/a | n/a | 2.13.0 |
cpe:2.3:a:fastxml:jackson-databind:2.13.0:-:*:*:*:*:*:* | n/a | n/a | 2.13.0 |
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* | 2.10.0 (including) | 2.12.6 | * |
cpe:2.3:a:fasterxml:jackson-databind:2.13.0:-:*:*:*:*:*:* | n/a | n/a | 2.13.0 |
cpe:2.3:a:fasterxml:jackson-databind:2.13.0:rc1:*:*:*:*:*:* | n/a | n/a | 2.13.0 |
cpe:2.3:a:fasterxml:jackson-databind:2.13.0:rc2:*:*:*:*:*:* | n/a | n/a | 2.13.0 |