Lucene search
GitHub Advisory DatabaseGHSA-Q95J-488Q-5Q3PHistoryJan 09, 2023 - 8:05 p.m.
Apiman Manager API affected by Jackson denial of service vulnerability
2023-01-0920:05:31
CWE-787
GitHub Advisory Database
github.com
18
Impact
Due to a vulnerability in jackson-databind <= 2.12.6.0, an authenticated attacker could craft an Apiman policy configuration which, when saved, may cause a denial of service on the Apiman Manager API.
This does not affect the Apiman Gateway.
Patches
Upgrade to Apiman 3.0.0.Final or later.
If you are using an older version of Apiman and need to remain on that version, contact your Apiman support provider for advice/long-term support.
Workarounds
If all users of the Apiman Manager are trusted then you may assess this is low risk, as an account is required to exploit the vulnerability.
References
- Apiman maintainer and security contact: [email protected]
- https://nvd.nist.gov/vuln/detail/CVE-2020-36518
- https://github.com/FasterXML/jackson-databind/issues/2816
| CPE | Name | Operator | Version |
|---|---|---|---|
| io.apiman:apiman-manager-api-impl | le | 2.2.3.Final |
Related
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2022-03-14 09:02:56
nessus
nessus
Oracle Primavera P6 Enterprise Project Portfolio Management (Jul 2022 CPU)
2022-10-05 00:00:00
Oracle Access Manager DoS (Jul 2023 CPU)
2023-07-21 00:00:00
Debian DLA-2990-1 : jackson-databind - LTS security update
2022-05-02 00:00:00
atlassian
atlassian
Bump jackson-databind dependency to 2.13.4.2
2023-01-12 09:57:47
jackson-databind Vulnerability in Bitbucket Data Center and Server
2023-10-06 17:44:36
jackson-databind Vulnerability in Bamboo Data Center and Server
2023-10-06 17:44:47
redhat
redhat
(RHSA-2022:5596) Moderate: Red Hat build of Quarkus 2.7.6 release and security update
2022-07-19 11:26:48
(RHSA-2023:2312) Moderate: jackson security update
2023-05-09 05:07:11
ubuntucve
ubuntucve
CVE-2020-36518
2022-03-11 00:00:00
debian
debian
[SECURITY] [DLA 2990-1] jackson-databind security update
2022-05-02 18:33:27
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
cve
cve
CVE-2020-36518
2022-03-11 07:15:00
oraclelinux
oraclelinux
jackson security update
2023-05-15 00:00:00
almalinux
almalinux
Moderate: jackson security update
2023-05-09 00:00:00
debiancve
debiancve
CVE-2020-36518
2022-03-11 07:15:00
osv
osv
CVE-2020-36518
2022-03-11 07:15:07
Apiman Manager API affected by Jackson denial of service vulnerability
2023-01-09 20:05:31
Deeply nested json in jackson-databind
2022-03-12 00:00:36
prion
prion
Design/Logic Flaw
2022-03-11 07:15:00
redhatcve
redhatcve
CVE-2020-36518
2022-03-16 11:47:03
github
github
Deeply nested json in jackson-databind
2022-03-12 00:00:36
freebsd
freebsd
kafka -- Denial Of Service vulnerability
2022-03-11 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
suse
suse
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Related for GHSA-Q95J-488Q-5Q3P