jackson-databind Black Duck security vulnerability: CVE: BDSA-2023-149


Article ID: 270100


Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

jackson-databind is reported by our internal Black Duck security scan for Introscope Enterprise Manager 10.8.

Details:

CVE: BDSA-2023-149

And

"An issue was discovered jackson-databind thru 2.15.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that the product is not intended for use with untrusted input."

Environment

  • Release: 10.8

Resolution

  • No impact on APM. Based on the existing information about this vulnerability, it is a false positive with no impact on APM, so no solution or workaround is needed.