The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
Introduced through: org.flywaydb:flyway-commandline@10.12.0 and org.flywaydb:flyway-gradle-plugin@10.12.0
Fixed in: com.fasterxml.jackson.core:jackson-core@2.15.0-rc1
Exploit maturity: No known exploit
Detailed paths:
Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.12.0 › com.fasterxml.jackson.core:jackson-databind@2.15.2 › com.fasterxml.jackson.core:jackson-core@2.14.2
Fix: Your dependencies are out of date, otherwise you would be using a newer com.fasterxml.jackson.core:jackson-core than com.fasterxml.jackson.core:jackson-core@2.14.2. Try reinstalling your dependencies. If the problem persists, one of your dependencies may be bundling outdated modules.
Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.12.0 › com.fasterxml.jackson.dataformat:jackson-dataformat-xml@2.15.2 › com.fasterxml.jackson.core:jackson-core@2.14.2
Fix: Your dependencies are out of date, otherwise you would be using a newer com.fasterxml.jackson.core:jackson-core than com.fasterxml.jackson.core:jackson-core@2.14.2. Try reinstalling your dependencies. If the problem persists, one of your dependencies may be bundling outdated modules.
Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@10.12.0 › com.google.cloud:google-cloud-storage@2.22.5 › com.fasterxml.jackson.core:jackson-core@2.14.2
…and 1 more
Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing input size validation when performing numeric type conversions. A remote attacker can exploit this vulnerability by causing the application to deserialize data containing certain numeric types with large values, causing the application to exhaust all available resources.
https://app.snyk.io/org/fecgov/project/e6c155e9-f0ac-4a49-98fa-83c24f5b74b3#issue-SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538
Security information
Factors contributing to the scoring:
Snyk: CVSS v4.0 8.7 - High Severity | CVSS v3.1 7.5 - High Severity
NVD: NVD only publishes analysis of vulnerabilities which are assigned a CVE ID. This vulnerability currently does not have an assigned CVE ID.
Overview
com.fasterxml.jackson.core:jackson-core provides the core Jackson abstractions and the basic JSON streaming API implementation.
Completion Criteria