MidnightBSD / security-advisory

A rest api to pull NVD security advisory data and formulate it for mport consumption
BSD 2-Clause "Simplified" License

CVE-2023-35116 (Medium) detected in jackson-databind-2.13.5.jar - autoclosed #161

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2023-35116 - Medium Severity Vulnerability

Vulnerable Library - jackson-databind-2.13.5.jar

General data-binding functionality for Jackson: works on core streaming API

Library home page: http://github.com/FasterXML/jackson

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.5/jackson-databind-2.13.5.jar

Dependency Hierarchy:
- spring-boot-starter-data-rest-2.7.12.jar (Root Library)
  - spring-data-rest-webmvc-3.7.12.jar
    - :x: **jackson-databind-2.13.5.jar** (Vulnerable Library)

Found in HEAD commit: 270465e4bf74e87253e9245ca2e1fc7ed83b0cbb

Found in base branch: master

Vulnerability Details

An issue was discovered in jackson-databind through 2.15.2 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies.

Publish Date: 2023-06-14

URL: CVE-2023-35116

CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-35116

Release Date: 2023-06-14

Fix Resolution:
- org.apache.camel:camel-example-spring-boot-metrics - 2.17.1
- org.kie.kogito:dmn-springboot-example - 1.6.0.Final
- org.kie.kogito:pmml-springboot-example - 1.6.0.Final
- org.apache.camel:camel-example-spark-rest-tomcat - 2.15.2, 2.14.1, 2.15.1
- io.hawt:hawtio-default - 1.4.1, 1.2.1, 2.0.2, 1.5.X
- io.syndesis.server:server-builder-image-generator - 1.13.1, 1.3.5
- io.hawt:hawtio-json-schema-mbean - 1.4.1, 1.2.1
- org.teiid:vdb-base-builder - 1.6.0
- org.kie.kogito.examples:ruleunit-springboot-example - 1.6.0.Final
- org.kie:kie-server-spring-boot-kafka-sample - 7.60.0.Final, 7.68.0.Final
- io.syndesis.server:server-runtime - 1.3.5, 1.13.1
- org.kie:kie-server-spring-boot-integ-tests-sample - 7.68.0.Final
- org.kie.kogito:dmn-pmml-springboot-example - 1.6.0.Final
- org.apache.camel:camel-example-activemq-tomcat - 2.18.2
- io.syndesis.meta:meta - 1.13.1, 1.3.5
- io.hawt:hawtio-custom-app - 1.4.31, 2.0.0
- org.apache.activemq:activemq-web-console - 5.11.1, 5.10.1
- org.kie:keycloak-kie-server-spring-boot-sample - 7.60.0.Final, 7.68.0.Final
- org.apache.activemq.examples.rest:push - 2.19.0, 2.22.0
- io.fabric8:fabric-webapp-agent - 1.2.0.redhat-133
- io.hawt:hawtio-sample-springboot - 1.4.15, 1.5.X
- io.hawt:sample - 1.4.1, 1.5.X, 1.2.1
- org.apache.activemq.examples.rest:javascript-chat - 2.19.0, 2.22.0
- org.kie.kogito:dmn-listener-springboot - 1.6.0.Final
- io.fabric8:tooling-fabric-all - 1.2.0.redhat-133
- org.apache.activemq.examples.rest:mixed-jms-rest - 2.22.0, 2.19.0
- io.hawt:hawtio-default-offline - 1.4.1, 1.5.X, 1.2.1
- io.fabric8:gateway-servlet-example - 2.0.0, 1.2.0.redhat-133
- io.hawt:hawtio-keystore-mbean - 1.4.1, 1.5.X
- org.apache.camel:camel-example-spring-boot - 2.17.1
- org.apache.activemq.examples.rest:dup-send - 2.19.0, 2.22.0
- org.apache.camel:camel-example-swagger-xml - 2.17.1
- org.kie:kie-server-spring-boot-sample - 7.68.0.Final
- GridGain - 8.8.9, 8.8.1, 8.7.33
- org.kie.kogito.examples:dmn-drools-springboot-metrics - 1.6.0.Final
- org.kie:jbpm-spring-boot-sample-basic - 7.60.0.Final, 7.68.0.Final
- org.apache.camel:camel-example-servlet-rest-tomcat - 2.15.2, 2.14.1, 2.15.1
- io.syndesis.server:syndesis-cli - 1.13.1
- io.apiman:apiman-manager-api-war - 1.2.1.Final


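The failure mode the advisory describes (a cyclic object graph driving jackson-databind into unbounded recursion until the stack is exhausted) and the standard in-code guard against it, shown as an added illustration that is not code from the security-advisory project, from the Mend report, or from Jackson's own documentation. It assumes jackson-databind 2.x (and its jackson-annotations dependency) on the classpath; the `Dept`/`Emp` classes and the sample objects are constructed for the example and make no claim about the exact object the CVE text calls "crafted".

```java
// Added illustration, not code from MidnightBSD/security-advisory.
// Assumes com.fasterxml.jackson.core:jackson-databind 2.x on the classpath.
import com.fasterxml.jackson.annotation.JsonIdentityInfo;
import com.fasterxml.jackson.annotation.ObjectIdGenerators;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;

public class CyclicGraphDemo {

    // Plain beans with no cycle handling (hypothetical model for the example):
    // Dept -> Emp -> Dept recurses until the serializer blows the stack.
    public static class Dept {
        public String name;
        public Emp head;
    }

    public static class Emp {
        public String name;
        public Dept dept;
    }

    // Same shape, but each instance is written once under an "@id" and every
    // later reference to it is written as that id instead of re-serialised.
    @JsonIdentityInfo(generator = ObjectIdGenerators.IntSequenceGenerator.class, property = "@id")
    public static class SafeDept {
        public String name;
        public SafeEmp head;
    }

    @JsonIdentityInfo(generator = ObjectIdGenerators.IntSequenceGenerator.class, property = "@id")
    public static class SafeEmp {
        public String name;
        public SafeDept dept;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = new ObjectMapper();

        // Constructed cyclic graph: d.head == e and e.dept == d.
        Dept d = new Dept();
        d.name = "sec";
        Emp e = new Emp();
        e.name = "alice";
        e.dept = d;
        d.head = e;
        try {
            mapper.writeValueAsString(d);
        } catch (JsonMappingException ex) {
            // jackson-databind catches the StackOverflowError inside the bean
            // serializer and rethrows it as "Infinite recursion (StackOverflowError)".
            // By then the calling thread has already consumed a full stack, which is
            // the denial-of-service behaviour the advisory describes.
            System.out.println("unguarded cycle: " + ex.getOriginalMessage());
        }

        // Same graph with identity info: terminates, and the back-reference
        // from the employee to the department is emitted as the department's id.
        SafeDept sd = new SafeDept();
        sd.name = "sec";
        SafeEmp se = new SafeEmp();
        se.name = "alice";
        se.dept = sd;
        sd.head = se;
        System.out.println("with identity info: " + mapper.writeValueAsString(sd));
    }
}
```

The annotation is the guard for cycles introduced by the application's own model; it does not replace the version upgrade the advisory suggests. Note that the Fix Resolution list above names only downstream packages and no jackson-databind version. If the project inherits from spring-boot-starter-parent (not visible on this page), the transitive jackson-databind 2.13.5 in the hierarchy is managed through Spring Boot's `jackson-bom.version` property, so the bump is a property override in /pom.xml rather than an edit to spring-boot-starter-data-rest.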

mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.