tsaekao / verademo-java

The Veracode demo application. A simple Java Web App built using Spring MVC.

CVE: 0000-0000 found in Jackson-core - Version: 2.4.2 [JAVA] #14

Open github-actions[bot] opened 7 months ago

github-actions[bot] commented 7 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Jackson-core |
| Description | Core Jackson processing abstractions (aka Streaming API), implementation for JSON |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | jackson-core is vulnerable to denial of service (DoS) attacks. The vulnerability is triggered when jackson-core reports an invalid token which has a word of length 10MB. It prints out the token to server.log file without limiting maxTokenLength to 256 bytes. This can cause a denial of service condition by filling up the disk space available. |
| CVE | null |
| CVSS score | 5 |
| Vulnerability present in version/s | 2.0.0-RC1-2.7.9 |
| Found library version/s | 2.4.2 |
| Vulnerability fixed in version | 2.8.6 |
| Library latest version | 2.16.1 |
| Fix | |

Links:

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/2

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/43