shaundmorris / ddf

The Distributed Data Framework

WS-2018-0125 Medium Severity Vulnerability detected by WhiteSource #1364

Closed mend-bolt-for-github[bot] closed 4 years ago

mend-bolt-for-github[bot] commented 5 years ago

WS-2018-0125 - Medium Severity Vulnerability

Vulnerable Library - jackson-core-2.6.3.jar

Core Jackson abstractions, basic JSON streaming API implementation

path: /ddf/distribution/ddf/target/dependencies/apache-karaf-4.2.2/system/com/fasterxml/jackson/core/jackson-core/2.6.3/jackson-core-2.6.3.jar

Library home page: https://github.com/FasterXML/jackson-core

Dependency Hierarchy:
- **jackson-core-2.6.3.jar** (Vulnerable Library)

Vulnerability Details

OutOfMemoryError when writing BigDecimal in Jackson Core before version 2.7.6. When the WRITE_BIGDECIMAL_AS_PLAIN setting is enabled, Jackson will attempt to write out the whole number, no matter how large the exponent.

Publish Date: 2018-06-24

URL: WS-2018-0125

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: https://github.com/FasterXML/jackson-core/commit/96642978dcf1b69cba68ec72cb2f652d59a8b5be

Release Date: 2016-08-25

Fix Resolution: Replace or update the following files: GeneratorBase.java, WriterBasedJsonGenerator.java, TestJsonGeneratorFeatures.java, UTF8JsonGenerator.java, VERSION


stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within 7 days. Thank you for your contributions.