All errata/p11/ALT-PU-2026-9800-1
ALT-PU-2026-9800-1

Package update jackson-databind in branch p11

Version2.20.1-alt1
Task#416479
Published2026-06-17
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2024-01074
MEDIUM4.7

Уязвимость библиотеки Jackson-databind проекта FasterXML, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-02-06
CVSS 3.xMEDIUM 4.7
CVSS:3.x/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0LOW 3.8
CVSS:2.0/AV:L/AC:H/Au:S/C:N/I:N/A:C
References
CVE-2023-35116
MEDIUM4.7

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

Published: 2023-06-14Modified: 2026-06-17
CVSS 3.xMEDIUM 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
References