|
Vulnerabilities
< Back

CVE-2020-36518

Updated on 11 Mar 2022

Severity

7.5 High severity

Details

CVSS score
7.5
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Details

Affected product:
AlmaLinux 9.2 ESU , Apache Hadoop , Apache Hive , Apache Kafka , Apache Spark , Apache Struts , Hibernate , Jackson , Spring , accumulo , activemq , agepredictor , avro , aws-sdk-java , calcite , cas-client-core , couchbase-jvm-clients , cxf , elasticsearch , gradle , hazelcast , hbase , http-client , incubator-retired-htrace , java-cas-client , java-driver , json-schema-validator , kubernetes-client , logging-log4j2 , lucene , solr , swagger-core , swagger-jaxrs2 , tika , tinkerpop
Affected packages:
hive-exec @ 2.3.9 (+1818 more)
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Fixes