You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CVE-2018-1000873 - Medium Severity Vulnerability
Vulnerable Library - jackson-datatype-jsr310-2.8.11.jar
Add-on module to support JSR-310 (Java 8 Date & Time API) data types.
Library home page: https://github.com/FasterXML/jackson-modules-java8/
Path to dependency file: pulsar/pulsar-sql/presto-distribution/pom.xml
Path to vulnerable library: 0150316_LVRAMP/downloadResource_AEDNMT/20210810150945/jackson-datatype-jsr310-2.8.11.jar
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Publish Date: 2018-12-20
URL: CVE-2018-1000873
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1665601
Fix Resolution: Upgrade to version jackson-modules-java8 2.9.8 or greater
The text was updated successfully, but these errors were encountered: