CVE-2021-46877

jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode

Description

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

Severity

Ecosystem

Java

Publish Date

March 18, 2023

Modified Date

February 26, 2025

Score Vector

Affected Versions