Vulnerability Information
Vulnerability Title
jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion
Vulnerability Description
jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0.
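The check that `maxNestingDepth` is meant to enforce can be illustrated independently of Jackson. The following is an added example, not code from jackson-core or from this advisory: a byte-level scan that rejects over-nested JSON before it reaches any parser. The class and method names are hypothetical, the limit of 500 is the default stated above, and the payload is assumed to be buffered as a byte array first.

```java
import java.nio.charset.StandardCharsets;

public class NestingDepthGuard {
    // Default maxNestingDepth quoted in the description above.
    static final int MAX_DEPTH = 500;

    /**
     * Returns the deepest array/object nesting in the raw JSON bytes and
     * throws as soon as the limit is exceeded. Brackets inside string
     * literals (including after escaped quotes) are not counted.
     */
    static int checkDepth(byte[] json, int limit) {
        int depth = 0, deepest = 0;
        boolean inString = false, escaped = false;
        for (byte b : json) {
            if (inString) {
                if (escaped) escaped = false;          // char after a backslash is literal
                else if (b == '\\') escaped = true;
                else if (b == '"') inString = false;
            } else if (b == '"') {
                inString = true;
            } else if (b == '[' || b == '{') {
                depth++;
                if (depth > limit) {
                    throw new IllegalArgumentException(
                        "JSON nesting depth exceeds " + limit);
                }
                deepest = Math.max(deepest, depth);
            } else if ((b == ']' || b == '}') && depth > 0) {
                depth--;
            }
        }
        return deepest;
    }

    public static void main(String[] args) {
        // Constructed inputs: one shallow document with brackets hidden in a
        // string, and one document nested 600 levels deep.
        byte[] shallow = "{\"a\":[1,{\"b\":\"]]]{{{ \\\" [[\"}]}"
            .getBytes(StandardCharsets.UTF_8);
        byte[] deep = ("[".repeat(600) + "]".repeat(600))
            .getBytes(StandardCharsets.UTF_8);

        System.out.println("shallow depth: " + checkDepth(shallow, MAX_DEPTH));
        try {
            checkDepth(deep, MAX_DEPTH);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The scan uses constant stack space regardless of input depth, so it cannot itself overflow the stack on the kind of document described above.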
CVSS Information
N/A
Vulnerability Type
Allocation of Resources Without Limits or Throttling
Vulnerability Title
FasterXML jackson-core Security Vulnerability
Vulnerability Description
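FasterXML jackson-core is an open-source API software from FasterXML. A security vulnerability exists in FasterXML jackson-core from version 3.0.0 to before version 3.1.0. The vulnerability stems from a bypass of the nesting depth limit when parsing JSON, which may lead to a stack overflow and denial of service.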
CVSS Information
N/A
Vulnerability Type
N/A