Vulnerability Details CVE-2021-46877
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.3%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2021-46877
-
cpe:2.3:a:fasterxml:jackson-databind:2.10.0
-
cpe:2.3:a:fasterxml:jackson-databind:2.10.1
-
cpe:2.3:a:fasterxml:jackson-databind:2.10.2
-
cpe:2.3:a:fasterxml:jackson-databind:2.10.3
-
cpe:2.3:a:fasterxml:jackson-databind:2.10.4
-
cpe:2.3:a:fasterxml:jackson-databind:2.10.5
-
cpe:2.3:a:fasterxml:jackson-databind:2.10.5.1
-
cpe:2.3:a:fasterxml:jackson-databind:2.11.0
-
cpe:2.3:a:fasterxml:jackson-databind:2.11.1
-
cpe:2.3:a:fasterxml:jackson-databind:2.11.2
-
cpe:2.3:a:fasterxml:jackson-databind:2.11.3
-
cpe:2.3:a:fasterxml:jackson-databind:2.11.4
-
cpe:2.3:a:fasterxml:jackson-databind:2.12.0
-
cpe:2.3:a:fasterxml:jackson-databind:2.12.1
-
cpe:2.3:a:fasterxml:jackson-databind:2.12.2
-
cpe:2.3:a:fasterxml:jackson-databind:2.12.3
-
cpe:2.3:a:fasterxml:jackson-databind:2.12.4
-
cpe:2.3:a:fasterxml:jackson-databind:2.12.5
-
cpe:2.3:a:fasterxml:jackson-databind:2.13.0