CVE-2023-35116¶

Data: 2023-06-21

Severity: High

CVSS Score: -

Riferimenti: https://nvd.nist.gov/vuln/detail/CVE-2023-35116

Libreria: com.fasterxml.jackson.core:jackson-databind <= 2.14.2

Descrizione

** DISPUTED ** An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. NOTE: the vendor’s perspective is that the product is not intended for use with untrusted input.

Falso Positivo per GovWay

Il progetto “FasterXML” ha dichiarato l’issue un falso positivo nell’issue 3972.

Configuration File: false-positive.xml