First published: Wed Jun 14 2023
** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
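The disputed mechanism, shown as an added example that is not code from this page or from the jackson-databind project: the unannotated `Dept`/`Emp` pair below is a constructed parent/child cycle built in-process and handed straight to `ObjectMapper`, which recurses through the cycle until jackson-databind reports infinite recursion; the `SafeDept`/`SafeEmp` pair is the same graph with `@JsonIdentityInfo`, so the second visit to an object writes its id instead of descending again. Class names and field values are assumptions made up for the example.

```java
import com.fasterxml.jackson.annotation.JsonIdentityInfo;
import com.fasterxml.jackson.annotation.ObjectIdGenerators;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.util.ArrayList;
import java.util.List;

public class CyclicSerializationDemo {

    // Plain POJOs with a parent <-> child cycle and no Jackson annotations:
    // BeanSerializer follows dept -> staff -> dept -> ... until the stack is gone.
    public static class Dept {
        public String name;
        public List<Emp> staff = new ArrayList<>();
    }

    public static class Emp {
        public String name;
        public Dept dept;
    }

    // Same shape with object identity tracked. The first occurrence of an
    // object is written in full with an "@id"; later references write only the id.
    @JsonIdentityInfo(generator = ObjectIdGenerators.IntSequenceGenerator.class, property = "@id")
    public static class SafeDept {
        public String name;
        public List<SafeEmp> staff = new ArrayList<>();
    }

    @JsonIdentityInfo(generator = ObjectIdGenerators.IntSequenceGenerator.class, property = "@id")
    public static class SafeEmp {
        public String name;
        public SafeDept dept;
    }

    // Serialize, returning null when Jackson gives up on the cycle.
    static String tryWrite(ObjectMapper mapper, Object graph) {
        try {
            return mapper.writeValueAsString(graph);
        } catch (JsonProcessingException e) {
            // jackson-databind wraps the StackOverflowError it hits in
            // BeanSerializer as JsonMappingException("Infinite recursion (StackOverflowError)").
            System.out.println("serialization failed: " + e.getOriginalMessage());
            return null;
        } catch (StackOverflowError e) {
            // Only for serializers that do not wrap the error; a demo-only catch,
            // not something production code should rely on.
            System.out.println("serialization failed: raw StackOverflowError");
            return null;
        }
    }

    public static void main(String[] args) {
        ObjectMapper mapper = new ObjectMapper();

        // The cycle has to be built by application code: plain JSON input
        // cannot express a back-reference, which is the vendor's point.
        Dept d = new Dept();
        d.name = "security";
        Emp e = new Emp();
        e.name = "alice";
        e.dept = d;
        d.staff.add(e);
        System.out.println("unannotated: " + tryWrite(mapper, d));

        SafeDept sd = new SafeDept();
        sd.name = "security";
        SafeEmp se = new SafeEmp();
        se.name = "alice";
        se.dept = sd;
        sd.staff.add(se);
        System.out.println("with @JsonIdentityInfo: " + tryWrite(mapper, sd));
    }
}
```

Run it against jackson-databind 2.15.x: the first call fails with the infinite-recursion error, the second succeeds and writes the back-reference as the department's `@id` value. `@JsonManagedReference`/`@JsonBackReference` is the other standard way to declare the cycle (it drops the back pointer from the output instead of writing an id). Jackson 2.16 also added a write-side nesting-depth limit (`StreamWriteConstraints`, configured on the `JsonFactory`); that turns a stack overflow into a regular exception at a bounded depth but does not change the fact that only in-process code can build the cyclic graph in the first place.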
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FasterXML jackson-databind | <=2.15.2 | |
redhat/jackson-databind | <2.15.2 | 2.15.2 |
FasterXML jackson-databind | <2.16.0 | |
The vulnerability ID for this issue is CVE-2023-35116.
The severity of CVE-2023-35116 is medium with a severity value of 4.7.
The FasterXML jackson-databind software up to version 2.15.2 is affected by this vulnerability.
This vulnerability allows an attacker who can get a crafted object graph with cyclic dependencies in front of the serializer to cause a denial of service (the serializer recurses through the cycle until it fails) or other unspecified impact. Note that the report is disputed: the vendor's position is that an external attacker cannot construct such a cycle and trigger its serialization, since plain JSON input cannot express a back-reference.
Because the report is disputed, no upstream advisory or dedicated upstream fix is recorded on this page; the table above lists 2.15.2 as the Red Hat package fix and versions before 2.16.0 as affected. The mitigation available to application code is not to hand cyclic object graphs to the serializer, or to declare how the cycle should be written (for example with @JsonIdentityInfo, or @JsonManagedReference and @JsonBackReference).