https://bugzilla.redhat.com/show_bug.cgi?id=2064698
Bug ID: 2064698
Summary: CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
Target Milestone: ---
Classification: Other
A Java StackOverflow exception and denial of service via a large depth of
nested objects.
Reference:
https://github.com/FasterXML/jackson-databind/issues/2816