<p>There is no fixed version for <code>org.codehaus.jackson:jackson-mapper-asl</code>.</p>

Improper Input Validation Affecting org.codehaus.jackson:jackson-mapper-asl package, versions [0,]

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 1.46% (87^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGCODEHAUSJACKSON-3326362
published 1 Mar 2023
disclosed 24 May 2022
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 24 May 2022

CVE-2019-10202 Open this link in a new tab CWE-502 Open this link in a new tab

How to fix?

There is no fixed version for org.codehaus.jackson:jackson-mapper-asl.

Overview

org.codehaus.jackson:jackson-mapper-asl is a high-performance data binding package built on Jackson JSON processor.

Affected versions of this package are vulnerable to Improper Input Validation which results in several instances of deserialization of untrusted data. This issue is parallel to vulnerabilities reported and fixed in jackson-databind (CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, CVE-2019-12086). Although no fix is available for codehaus, this vulnerability can be remediated by using a fixed version of jackson-databind.