OSV-2023-1300 Security exception in com.fasterxml.jackson.core.JsonParser.currentName

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65024 Crash type: Security exception Crash state: com.fasterxml.jackson.core.JsonParser.currentName com.fasterxml.jackson.dataformat.yaml.YAMLParser.currentName com.fasterxml.jackson.dataformat.yaml.YAMLParser.getCurrentName...

OSV-2022-678 Security exception in com.fasterxml.jackson.databind.node.ArrayNode.serialize

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49828 Crash type: Security exception Crash state: com.fasterxml.jackson.databind.node.ArrayNode.serialize com.fasterxml.jackson.core.json.WriterBasedJsonGenerator.verifyValueWrite...

OSV-2021-556 Uncaught exception in java.base/java.util.Arrays.copyOf

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32423 Crash type: Uncaught exception Crash state: java.base/java.util.Arrays.copyOf com.fasterxml.jackson.core.util.TextBuffer.expandCurrentSegment com.fasterxml.jackson.core.json.UTF8StreamJsonParser.addName...

CVE-2020-28491

CVE-2020-28491 affects the jackson-dataformat-cbor component. An unchecked allocation of byte buffers can lead to java.lang.OutOfMemoryError. Affected versions include 0 and earlier than 2.11.4, and 2.12.0-rc1 and earlier than 2.12.1. The issue is tied to the data format CBOR handling (byte buffe...