CVE-2021-46877

Published

Severity

CVSS v3:
7.5 HIGH
CVSS v2:
N/A

Description

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

References

Configurations

CPE23Version StartVersion EndExact Version
cpe:2.3:a:fastxml:jackson-databind:*:*:*:*:*:*:*:*2.10.0 (including)2.12.6*
cpe:2.3:a:fastxml:jackson-databind:2.13.0:rc1:*:*:*:*:*:*n/an/a2.13.0
cpe:2.3:a:fastxml:jackson-databind:2.13.0:rc2:*:*:*:*:*:*n/an/a2.13.0
cpe:2.3:a:fastxml:jackson-databind:2.13.0:-:*:*:*:*:*:*n/an/a2.13.0
cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*2.10.0 (including)2.12.6*
cpe:2.3:a:fasterxml:jackson-databind:2.13.0:-:*:*:*:*:*:*n/an/a2.13.0
cpe:2.3:a:fasterxml:jackson-databind:2.13.0:rc1:*:*:*:*:*:*n/an/a2.13.0
cpe:2.3:a:fasterxml:jackson-databind:2.13.0:rc2:*:*:*:*:*:*n/an/a2.13.0

External Links