Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-28491

This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

Published

2021-02-18T16:15:13.207

Last Modified

2024-11-21T05:22:53.697

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-770
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fasterxml jackson-dataformats-binary < 2.11.4 Yes
Application fasterxml jackson-dataformats-binary < 2.12.1 Yes
Application fasterxml jackson-dataformats-binary 2.12.0 Yes
Application fasterxml jackson-dataformats-binary 2.12.0 Yes
Application fasterxml jackson-dataformats-binary 2.12.0 Yes
Application quarkus quarkus < 2.0.2 Yes
Application oracle weblogic_server 12.2.1.3.0 Yes
Application oracle weblogic_server 12.2.1.4.0 Yes
Application oracle weblogic_server 14.1.1.0.0 Yes
References