[Bugs] [Bug 13544] New: [CVE 21] jackson-dataformats-text 2.9.8 CVEs found

Ср Авг 23 23:20:56 MSK 2023

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13544

          Platform: 2021.1
            Bug ID: 13544
           Summary: [CVE 21] jackson-dataformats-text 2.9.8  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2023-3894,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: e.kosachev на rosalinux.ru, s.matveev на rosalinux.ru,
                    y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package jackson-dataformats-text version 2.9.8

INFO (CVEs are): jackson-dataformats-text 2.9.8
 cves found
CVE-2023-3894
Desc: Those using jackson-dataformats-text to parse TOML data may be vulnerable
to Denial of Service attacks (DOS). If the parser is running on user supplied
input, an attacker may supply content that causes the parser to crash by
stackoverflow. This effect may support a denial of service attack.

Link: https://nvd.nist.gov/vuln/detail/CVE-2023-3894
Severity: HIGH

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено&hellip;
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230823/9d6fbbb9/attachment.html>