WS-2018-0125 (Medium) detected in jackson-core-2.5.4.jar #92

mend-for-github-com · 2020-06-18T21:44:58Z

WS-2018-0125 - Medium Severity Vulnerability

Vulnerable Library - jackson-core-2.5.4.jar

Core Jackson abstractions, basic JSON streaming API implementation

Library home page: https://github.com/FasterXML/jackson

Path to dependency file: influxdb-plugin/pom.xml

Path to vulnerable library: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.5.4/jackson-core-2.5.4.jar

Dependency Hierarchy:

metrics-3.1.2.9.jar (Root Library)
- jackson2-api-2.5.4.jar
  - jackson-databind-2.5.4.jar
    - ❌ jackson-core-2.5.4.jar (Vulnerable Library)

Found in HEAD commit: 7c97de9ec0bd77809ff60eb1796193605267c571

Vulnerability Details

OutOfMemoryError when writing BigDecimal In Jackson Core before version 2.7.7.
When enabled the WRITE_BIGDECIMAL_AS_PLAIN setting, Jackson will attempt to write out the whole number, no matter how large the exponent.

Publish Date: 2016-08-25

URL: WS-2018-0125

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/FasterXML/jackson-core/releases/tag/jackson-core-2.7.7

Release Date: 2016-08-25

Fix Resolution: com.fasterxml.jackson.core:jackson-core:2.7.7

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Jun 18, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0125 (Medium) detected in jackson-core-2.5.4.jar #92

WS-2018-0125 (Medium) detected in jackson-core-2.5.4.jar #92

mend-for-github-com bot commented Jun 18, 2020 •

edited

Loading

WS-2018-0125 (Medium) detected in jackson-core-2.5.4.jar #92

WS-2018-0125 (Medium) detected in jackson-core-2.5.4.jar #92

Comments

mend-for-github-com bot commented Jun 18, 2020 • edited Loading

WS-2018-0125 - Medium Severity Vulnerability

mend-for-github-com bot commented Jun 18, 2020 •

edited

Loading