Aaron Coady created TINKERPOP-2948: -------------------------------------- Summary: PRISMA security vulnerabilty for jackson-databind 2.14.0 Key: TINKERPOP-2948 URL: https://issues.apache.org/jira/browse/TINKERPOP-2948 Project: TinkerPop Issue Type: Bug Components: server Affects Versions: 3.5.6, 3.6.3 Reporter: Aaron Coady
h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0 [https://github.com/FasterXML/jackson-core/pull/827] com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS). The package does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended and leads to Uncontrolled Resource Consumption ('Resource Exhaustion') -- This message was sent by Atlassian Jira (v8.20.10#820010)