WS-2018-0124 - Medium Severity Vulnerability
Vulnerable Library - jackson-core-2.2.2.jar
path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.2.2/jackson-core-2.2.2.jar
Library home page: http://wiki.fasterxml.com/JacksonHome
Dependency Hierarchy:
- jackson-databind-2.2.2.jar (Root Library)
- ❌ jackson-core-2.2.2.jar (Vulnerable Library)
Found in commit: f396e60bf74726f66a202d308a1f2865177e4bee
Vulnerability Details
In Jackson Core before version 2.8.6 if the REST endpoint consumes POST requests with JSON or XML data and data are invalid, the first unrecognized token is printed to server.log. If the first token is word of length 10MB, the whole word is printed. This is potentially dangerous and can be used to attack the server by filling the disk with logs.
Publish Date: 2018-06-24
URL: WS-2018-0124
CVSS 2 Score Details (5.5)
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here
WS-2018-0124 - Medium Severity Vulnerability
path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.2.2/jackson-core-2.2.2.jar
Library home page: http://wiki.fasterxml.com/JacksonHome
Dependency Hierarchy:
Found in commit: f396e60bf74726f66a202d308a1f2865177e4bee
In Jackson Core before version 2.8.6 if the REST endpoint consumes POST requests with JSON or XML data and data are invalid, the first unrecognized token is printed to server.log. If the first token is word of length 10MB, the whole word is printed. This is potentially dangerous and can be used to attack the server by filling the disk with logs.
Publish Date: 2018-06-24
URL: WS-2018-0124
Base Score Metrics not available
Step up your Open Source Security Game with WhiteSource here