CVE-2018-1000873

描述

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Databind that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.

如何修補 CVE-2018-1000873

要修補 CVE-2018-1000873,請將受影響套件升級到下列已修補版本。

• —升級至 2.9.8 或更新版本

CVE-2018-1000873 正在被利用嗎?

低 — EPSS 為 2.2%,目前沒有觀察到大規模利用活動。

受影響套件(1)

• from 0, < 2.9.8

CVSS 分數

參考連結(17)

• ADVISORYgithub.com/advisories/GHSA-h4x4-5qp2-wp46
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-1000873
• PATCHgithub.com/FasterXML/jackson-modules-java8
• WEBbugzilla.redhat.com/show_bug.cgi?id=1665601
• WEB