Lucene search

19 matches found

IBM Security Bulletins
added 2024/08/14 3:36 p.m. | 40 views

Security Bulletin: Vulnerability in jackson-databind affects watsonx.data

Summary FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...

CVSS 7.5 | AI score 7.6 | EPSS 0.00487
Exploits: 5 | Affected Software: 1

Spring Engineering
added 2024/01/19 12:0 a.m. | 10 views

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

AI score 7
Exploits: 0

IBM Security Bulletins
added 2024/01/05 5:50 a.m. | 43 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager software component

Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance - Identity Manager software component. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw...

CVSS 7.5 | AI score 7.8 | EPSS 0.00487
Exploits: 4 | Affected Software: 1

Tenable Nessus
added 2023/08/07 12:0 a.m. | 24 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform (RHSA-2023:4507)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4507 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 7.5 | AI score 6.6 | EPSS 0.00649
Exploits: 2 | References: 31

IBM Security Bulletins
added 2023/05/02 10:13 p.m. | 29 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2021-46877 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a flaw when using JDK serialization for...

CVSS 7.5 | AI score 7.3 | EPSS 0.0025
Exploits: 1 | Affected Software: 1

RedhatCVE
added 2023/04/11 4:56 a.m. | 42 views

CVE-2021-46877

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 | AI score 7 | EPSS 0.0025
Exploits: 1 | References: 3

Veracode
added 2023/03/21 2:4 a.m. | 29 views

Denial Of Service (DoS)

jackson-databind is vulnerable to Denial Of Service (DoS). The vulnerability exists because the writeExternal function in NodeSerialization.java does not properly handle JDK serialization of the JsonNode, which allows an attacker to crash the application (2 GB transient heap usage per read) if uses JD...

CVSS 7.5 | AI score 7.2 | EPSS 0.0025
Exploits: 1 | References: 5 | Affected Software: 4

OSV
added 2023/03/19 12:30 a.m. | 0 views

GHSA-3X8X-79M2-3W2W jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 | AI score 7.1 | EPSS 0.0025
Exploits: 1 | References: 7

Github Security Blog
added 2023/03/19 12:30 a.m. | 44 views

jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 | AI score 7.2 | EPSS 0.0025
Exploits: 1 | References: 7 | Affected Software: 1

NVD
added 2023/03/18 10:15 p.m. | 16 views

CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 | AI score 7.2 | EPSS 0.0025
Exploits: 1 | References: 2

OSV
added 2023/03/18 10:15 p.m. | 22 views

CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 2

UbuntuCve
added 2023/03/18 10:15 p.m. | 28 views

CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 | AI score 6.8 | EPSS 0.0025
Exploits: 1 | References: 5

Prion
added 2023/03/18 10:15 p.m. | 21 views

Heap overflow

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 5 | AI score 7.1 | EPSS 0.0025
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2023/03/18 12:0 a.m. | 32 views

CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

CVSS 7.5 | AI score 6.7 | EPSS 0.0025
Exploits: 1

Cvelist
added 2023/03/18 12:0 a.m. | 21 views

CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization...

AI score 7.5 | EPSS 0.0025
Exploits: 1 | References: 2

IBM Security Bulletins
added 2023/01/04 6:5 a.m. | 32 views

Security Bulletin: Vulnerabilities in FasterXML affects IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (217968, CVE-2020-36518)

Summary Security Vulnerabilities have been addressed in IBM Common Licensing. Faster-XML Jackson is a JSON to Java object conversion API (217968, CVE-2020-36518). A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is...

CVSS 7.5 | AI score 7.8 | EPSS 0.00487
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/07/06 5:31 a.m. | 37 views

Security Bulletin: A security vulnerability has been identified in jackson-databind shipped with IBM Tivoli Netcool Impact (CVE-2020-36518, WS-2021-0616)

Summary jackson-databind is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting jackson-databind has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of...

CVSS 7.5 | AI score 8 | EPSS 0.00487
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2022/06/17 1:36 p.m. | 27 views

Security Bulletin: Cúram Social Program Management may be affected by Denial of Service vulnerability in jackson-databind (217968)

Summary IBM Cúram Social Program Management uses the jackson-databind libraries, for which there is a publicly known vulnerability. FasterXML jackson-databind is vulnerable to a denial of service, caused by an error when using JDK serialization to serialize and deserialize JsonNode values. By...

AI score 0.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/06/01 11:28 a.m. | 9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to denial of service due to FasterXML jackson-databind

Summary IBM Sterling Connect:Direct Web Services FasterXML jackson-databind. A denial of service vulnerability in FasterXML jackson-databind has been addressed. Vulnerability Details IBM X-Force ID: 217968 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by an...

AI score 0.9
Exploits: 0 | Affected Software: 1