CVE-2023-3894 – com.fasterxml.jackson.dataformat:jackson-dataformats-text
Package
Manager: maven
Name: com.fasterxml.jackson.dataformat:jackson-dataformats-text
Vulnerable Version: >=0 <2.15.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
EPSS: 0.0005 (percentile: 0.15027)
Details
Denial of service in jackson-dataformats-text
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.
Metadata
Created: 2023-08-08T18:30:37Z
Modified: 2023-09-06T15:32:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-rg2c-cfxv-qp6f/GHSA-rg2c-cfxv-qp6f.json
CWE IDs: ["CWE-20", "CWE-400", "CWE-787"]
Alternative ID: GHSA-rg2c-cfxv-qp6f
Finding: F002
Auto approve: 1