CVE-2022-42004

Published: 02/10/2022 Updated: 02/12/2022
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In FasterXML jackson-databind prior to 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Vulnerable Product

fasterxml jackson-databind

quarkus quarkus

debian debian linux 10.0

debian debian linux 11.0

netapp oncommand workflow automation -

Vendor Advisories

Several flaws were discovered in jackson-databind, a fast and powerful JSON library for Java. CVE-2020-36518: Java StackOverflow exception and denial of service via a large depth of nested objects. CVE-2022-42003: In FasterXML jackson-databind resource exhaustion can occur because of a lack of a check in primitive value deserializers ...
Description: The MITRE CVE dictionary describes this issue as: In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization ...
Synopsis: Moderate: Red Hat AMQ Broker 7102 release and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat AMQ Broker 7102 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: Red Hat Data Grid 841 security update. Type/Severity: Security Advisory: Important. Topic: An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating ...
Synopsis: Important: Red Hat build of Quarkus 2135 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Important: Satellite 613 Release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 613. The release contains a new version of Satellite and important security fixes ...
Synopsis: Moderate: Red Hat Integration Camel Extensions For Quarkus 2132. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Integration Camel Extensions for Quarkus 2132 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an i ...
Synopsis: Important: Red Hat build of Eclipse Vert.x 434 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Synopsis: Important: Migration Toolkit for Runtimes security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Migration Toolkit for Runtimes (v101). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Important: jenkins and jenkins-2-plugins security update. Type/Severity: Security Advisory: Important. Topic: An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Synopsis: Important: Red Hat Process Automation Manager 7133 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Critical: OpenShift Developer Tools and Services for OCP 412 security update. Type/Severity: Security Advisory: Critical. Topic: An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer To ...
Synopsis: Important: Red Hat Integration Camel for Spring Boot 3183 Patch 2 release. Type/Severity: Security Advisory: Important. Topic: Camel for Spring Boot 3183 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
Synopsis: Moderate: Red Hat AMQ Streams 230 release and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat AMQ Streams 230 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: Red Hat build of Quarkus 277 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Moderate: Red Hat OpenShift (Logging Subsystem) security update. Type/Severity: Security Advisory: Moderate. Topic: An update for Logging Subsystem (560) is now available for Red Hat OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: Logging Subsystem 555 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Moderate. Topic: Logging Subsystem 555 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis: Important: Red Hat Single Sign-On 762 for OpenShift image security and enhancement update. Type/Severity: Security Advisory: Important. Topic: A new image is available for Red Hat Single Sign-On 762, running on Red Hat OpenShift Container Platform from the release of 311 up to the release of 4120. Red Hat Product Security has rated t ...
Synopsis: Important: Red Hat AMQ Streams 240 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat AMQ Streams 240 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Moderate: Logging Subsystem 548 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Logging subsystem for Red Hat OpenShift 54. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base scor ...
Synopsis: Moderate: Openshift Logging 5314 bug fix release and security update. Type/Severity: Security Advisory: Moderate. Topic: Openshift Logging Bug Fix Release (5314). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...
Synopsis: Important: Red Hat Single Sign-On 762 security update on RHEL 8. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 8. Red H ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 749 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 74 for ...
Synopsis: Important: Red Hat Single Sign-On 762 security update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 7. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 762 security update on RHEL 9. Type/Severity: Security Advisory: Important. Topic: New Red Hat Single Sign-On 762 packages are now available for Red Hat Enterprise Linux 9. Red Hat ...
Synopsis: Important: Red Hat Single Sign-On 762 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 76 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 749 Security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 74. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2022-3143, CVE-2022-41881, CVE-2022-42003, CVE-2022-42004, CVE-2022-45787, CVE-2023-0264, CVE-2023-0482, CVE-2023-2454. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

Github Repositories

Various servlets and filters

Java servlet common code. Servlet and filter classes that are intended to be inherited to cut down on boilerplate code. Status of the project. Release history (Date, Version, Comment): <2024-03-01 Fri 17:54>, 1610, add shiro-jaxrs feature to JerseyServlet; <2023-11-05 Sun 10:37>, 169, jersey 241, jackson 2153, jun

Common maven dependencies and common maven plugin configurations and versions

Master BoM and POM. This project contains common maven plugin configurations and versions used across my project. This project also contains common versions of code used in development and testing (JUnit, mockito, assertJ). The purpose of this maven parent is to get a single point of change for boring configuration stuff as well as slimming down the top pom files of my maven p

An apache karaf feature repository containing a feature that will load the Jersey JAX-RS implementation

Jersey karaf feature. This is a maven pom that generates an apache karaf feature repository with a feature loading the jersey JAX-RS implementation. Installing the feature in karaf. Give the following commands from the karaf console:
feature:repo-add mvn:noprivbangkaraf/jersey/LATEST/xml/features
feature:install jersey-karaf-feature
Use the feature in a maven project. If y

A utility to collect a history of key numbers for each SonarQube analysis triggered by maven builds.

SonarQube metrics collector. SonarQube is a code analysis tool that shows key numbers about code quality, e.g. code coverage, code complexity and various code practices. SonarQube has a web GUI that allows exploring the analysis results. However, SonarQube has no storage of build quality history. To keep statistics about code quality one either has to manually type the key num