Vulnerability Description
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fasterxml | Jackson-Dataformats-Binary | < 2.11.4 |
| Quarkus | Quarkus | < 2.0.2 |
| Oracle | Weblogic Server | 12.2.1.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f26PatchThird Party Advisory
- https://github.com/FasterXML/jackson-dataformats-binary/issues/186Issue TrackingPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329PatchThird Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
- https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f26PatchThird Party Advisory
- https://github.com/FasterXML/jackson-dataformats-binary/issues/186Issue TrackingPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329PatchThird Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
FAQ
What is CVE-2020-28491?
CVE-2020-28491 is a vulnerability with a CVSS score of 7.5 (HIGH). This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang...
How severe is CVE-2020-28491?
CVE-2020-28491 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28491?
Check the references section above for vendor advisories and patch information. Affected products include: Fasterxml Jackson-Dataformats-Binary, Quarkus Quarkus, Oracle Weblogic Server.