Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Support for reading and writing content of "Java Properties" style
configuration files as if there was implied nesting structure (by default using dots as separators).
Path to dependency file: /front50-swift/front50-swift.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Path to dependency file: /front50-api-tck/front50-api-tck.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-3894
### Vulnerable Library - jackson-dataformat-properties-2.12.3.jarSupport for reading and writing content of "Java Properties" style configuration files as if there was implied nesting structure (by default using dots as separators).
Library home page: http://fasterxml.com/
Path to dependency file: /front50-swift/front50-swift.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.dataformat/jackson-dataformat-properties/2.12.3/d1e84484418c1afa943ad85a573b054d205d16b/jackson-dataformat-properties-2.12.3.jar
Dependency Hierarchy: - kork-plugins-7.126.0.jar (Root Library) - :x: **jackson-dataformat-properties-2.12.3.jar** (Vulnerable Library)
Found in HEAD commit: 030c85bbbd79c49a42f0cc49719b8c41bd782262
Found in base branch: master
### Vulnerability DetailsThose using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
Publish Date: 2023-08-08
URL: CVE-2023-3894
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 3 Score Details (5.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Changed - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2023-08-08
Fix Resolution: com.fasterxml.jackson.dataformat:jackson-dataformat-properties:2.15.0;com.fasterxml.jackson.dataformat:jackson-dataformat-toml:2.15.0