Posted March 6

Red Hat JBossEAP: Allocation of Resources Without Limits or Throttling (CVE-2021-46877)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 03/19/2023
Created: 09/20/2024
Added: 09/19/2024
Modified: 12/20/2024

Description

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

Solution(s)

red-hat-jboss-eap-upgrade-latest

References

https://attackerkb.com/topics/cve-2021-46877
CVE - 2021-46877
https://access.redhat.com/security/cve/CVE-2021-46877
https://bugzilla.redhat.com/show_bug.cgi?id=2185707
https://access.redhat.com/errata/RHSA-2023:4505
https://access.redhat.com/errata/RHSA-2023:4506
https://access.redhat.com/errata/RHSA-2023:4507
https://access.redhat.com/errata/RHSA-2023:4509