CVE-2023-35116

FasterXML/jackson-databind

on github

Published

June 14, 2023

Severity

CVSS v3:

4.7 MEDIUM

CVSS v2:

N/A

Description

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

References

https://github.com/FasterXML/jackson-databind/issues/3972

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:fasterxml:jackson-databind::::::::	n/a	2.15.2 (including)	*
cpe:2.3:a:fasterxml:jackson-databind::::::::	n/a	2.16.0	*

External Links

NVD - CVE-2023-35116