logzio/jmx2graphite

WS-2018-0125 Medium Severity Vulnerability detected by WhiteSource

Closed this issue · 0 comments

WS-2018-0125 - Medium Severity Vulnerability

Vulnerable Library - jackson-core-2.7.4.jar

Core Jackson abstractions, basic JSON streaming API implementation

path: /root/.gradle/caches/modules-2/files-2.1/com.fasterxml.jackson.core/jackson-core/2.7.4/b8f38a249116b66d804a5ca2b14a3459b7913a94/jackson-core-2.7.4.jar

Library home page: https://github.com/FasterXML/jackson-core

Dependency Hierarchy:

  • jackson-databind-2.7.4.jar (Root Library)
    • jackson-core-2.7.4.jar (Vulnerable Library)

Vulnerability Details

OutOfMemoryError when writing BigDecimal in Jackson Core before version 2.7.6.
When the WRITE_BIGDECIMAL_AS_PLAIN setting is enabled, Jackson will attempt to write out the whole number, no matter how large the exponent.

Publish Date: 2018-06-24

URL: WS-2018-0125

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: FasterXML/jackson-core#315

Release Date: 2018-01-24

Fix Resolution: 2.7.6

