CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 40.9%

com.fasterxml.jackson.dataformat:jackson-dataformat-toml is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the lack of a maximum nesting depth: if the TOML parser is run on user-supplied input, an attacker is able to cause a stack overflow, resulting in an application crash.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | jackson-dataformat-toml | le | 2.14.3 |

bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083
github.com/advisories/GHSA-rg2c-cfxv-qp6f
github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x
github.com/FasterXML/jackson-dataformats-text/commit/5dd5f740aedcf37adad7ffece460e75e54abb0ed
github.com/FasterXML/jackson-dataformats-text/pull/398