  1. Nuxeo Platform
  2. NXP-32340

Update jackson.version to 2.15.0

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Won't Do
    • Affects Version/s: 2023.7
    • Fix Version/s: None

      Description

      Client reported vulnerability flagged by Prisma scan

      com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS). The package does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended and leads to Uncontrolled Resource Consumption ('Resource Exhaustion').


              People

              • Assignee:
                Unassigned
                Reporter:
                hbrown Harlan Brown
