| Vulnerabilities | 1 via 3 paths |
|---|---|
| Dependencies | 21 |
| Source | GitHub |
high severity
- Vulnerable module: tools.jackson.core:jackson-core
- Introduced through: tools.jackson.core:jackson-databind@3.1.0 and tools.jackson.dataformat:jackson-dataformat-xml@3.1.0
Detailed paths
- Introduced through: Cantara/lib-electronic-components@Cantara/lib-electronic-components › tools.jackson.core:jackson-databind@3.1.0 › tools.jackson.core:jackson-core@3.1.0
  Remediation: Upgrade to tools.jackson.core:jackson-databind@3.1.1.
- Introduced through: Cantara/lib-electronic-components@Cantara/lib-electronic-components › tools.jackson.dataformat:jackson-dataformat-xml@3.1.0 › tools.jackson.core:jackson-core@3.1.0
  Remediation: Upgrade to tools.jackson.dataformat:jackson-dataformat-xml@3.1.1.
- Introduced through: Cantara/lib-electronic-components@Cantara/lib-electronic-components › tools.jackson.dataformat:jackson-dataformat-xml@3.1.0 › tools.jackson.core:jackson-databind@3.1.0 › tools.jackson.core:jackson-core@3.1.0
  Remediation: Upgrade to tools.jackson.dataformat:jackson-dataformat-xml@3.1.1.
Overview
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the enforcement of document length constraints in blocking, async, and DataInput parser processes. An attacker can cause excessive resource consumption by submitting oversized JSON documents that bypass configured size limits.
Remediation
Upgrade tools.jackson.core:jackson-core to version 3.1.1 or higher.