Posted to dev@tinkerpop.apache.org by "Cole Greer (Jira)" <ji...@apache.org> on 2023/07/31 18:59:00 UTC

[jira] [Closed] (TINKERPOP-2948) PRISMA security vulnerability for jackson-databind 2.14.0

     [ https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Cole Greer closed TINKERPOP-2948.
---------------------------------

> PRISMA security vulnerability for jackson-databind 2.14.0
> ---------------------------------------------------------
>
>                 Key: TINKERPOP-2948
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2948
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.6.3, 3.5.6
>            Reporter: Aaron Coady
>            Assignee: Cole Greer
>            Priority: Critical
>              Labels: breaking
>             Fix For: 3.7.0, 3.5.7, 3.6.5
>
>
>  
> h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0
> [https://github.com/FasterXML/jackson-core/pull/827]
>  
> com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS). The package does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended and leads to Uncontrolled Resource Consumption ('Resource Exhaustion').


