FasterXML/jackson-modules-java8

Releases106

Frequency1 month 2 days

Last Release 20 days ago

Stars418

Set of support modules for Java 8 datatypes (Optionals, date/time) and features (parameter names)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-1000873 ↗	Dec 20, 2018Thursday, 20 December 2018, 17:29	6.5 MEDIUM	4.3 MEDIUM
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.