Vulnerabilities > Fasterxml

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-3894 Out-of-bounds Write vulnerability in Fasterxml Jackson-Dataformats-Text
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS).
network
low complexity
fasterxml CWE-787
7.5
7.5
2023-06-14 CVE-2023-35116 Allocation of Resources Without Limits or Throttling vulnerability in Fasterxml Jackson-Databind
** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.
local
high complexity
fasterxml CWE-770
4.7
4.7
2023-03-18 CVE-2021-46877 Allocation of Resources Without Limits or Throttling vulnerability in Fasterxml Jackson-Databind
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
network
low complexity
fasterxml CWE-770
7.5
7.5
2022-12-26 CVE-2020-10650 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in jackson-databind through 2.9.10.4.
network
high complexity
fasterxml oracle CWE-502
8.1
8.1
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-09-16 CVE-2022-40152 Out-of-bounds Write vulnerability in multiple products
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled.
network
low complexity
xstream-project fasterxml CWE-787
7.5
7.5
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
7.5
2021-02-18 CVE-2020-28491 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1.
network
low complexity
fasterxml quarkus oracle CWE-770
7.5
7.5
2021-01-19 CVE-2021-20190 Deserialization of Untrusted Data vulnerability in multiple products
A flaw was found in jackson-databind before 2.9.10.7.
network
high complexity
fasterxml netapp apache debian oracle CWE-502
8.1
8.1