CVE-2018-1000873
published 2018-12-20
medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
FasterXML Jackson before version 2.9.8 contains a CWE-20 (Improper Input Validation) vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fasterxml | jackson-modules-java8 | < 2.9.8 | 2.9.8 |
| netapp | active_iq_unified_manager | >= 7.3 | — |
| netapp | active_iq_unified_manager | >= 9.5 | — |
| oracle | clusterware | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | global_lifecycle_management_opatch | < 11.2.0.3.23 | 11.2.0.3.23 |
| oracle | global_lifecycle_management_opatch | >= 12.2.0.1.0 < 12.2.0.1.19 | 12.2.0.1.19 |
| oracle | global_lifecycle_management_opatch | >= 13.9.4.0.0 < 13.9.4.2.1 | 13.9.4.2.1 |
| oracle | nosql_database | < 19.3.12 | 19.3.12 |
| redhat | jboss_enterprise_application_platform | — | — |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa 9.8 CRITICAL
osv 9.8 CRITICAL