The library com.fasterxml.jackson.core:jackson-core version 2.17.2 has been flagged for vulnerability GHSA-72hv-8253-57qq. This vulnerability affects versions >= 2.0.0 and <= 2.18.5 and carries a vendor severity of High.
The library `com.fasterxml.jackson.core:jackson-core` version `2.17.2` was detected in `Maven library manager` located at `/opt/CA/WorkloadAutomationAE/autosys/lib/jackson-core.jar` and is vulnerable to `GHSA-72hv-8253-57qq`; which exists in versions `>= 2.0.0; <= 2.18.5`. The vulnerability was found in the Github Security Advisory with vendor severity: `High`. The vulnerability can be remediated by updating the library to version `2.18.6` or higher; using `mvn versions:use-latest-releases -Dincludes=com.fasterxml.jackson.core:jackson-core`.
The vulnerability is a resource exhaustion (DoS) risk in the non-blocking (asynchronous) JSON parser, where the maxNumberLength constraint may not be properly enforced.
File Path: /opt/CA/WorkloadAutomationAE/autosys/lib/jackson-core.jar
Library Version detected: 2.17.2
Product: AutoSys Workload Automation
Component: AutoSys Scheduler / Maven Library Manager
AutoSys is NOT vulnerable to this specific attack.
The AutoSys Scheduler and its related components use synchronous JSON parsing exclusively. According to the GitHub Security Advisory (GHSA-72hv-8253-57qq), the standard synchronous parser correctly enforces the maxNumberLength limit and is not susceptible to the reported issue.
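The two conditions discussed above (a version inside the affected range, and whether any application code reaches the non-blocking parser) can be checked mechanically. The following is an added example, not code from the vendor, the scanner or the Jackson project. It assumes the non-blocking parser is obtained through the `JsonFactory` methods `createNonBlockingByteArrayParser` and `createNonBlockingByteBufferParser`, and it runs on constructed in-memory jars rather than real product files.

```python
import io
import zipfile

# Assumption: jackson-core's JsonFactory entry points for the non-blocking parser.
ASYNC_FACTORY_METHODS = (
    b"createNonBlockingByteArrayParser",
    b"createNonBlockingByteBufferParser",
)
JACKSON_PREFIX = "com/fasterxml/jackson/"  # the library's own classes, skipped

def parse_version(text):
    """'2.17.2' -> (2, 17, 2); a trailing qualifier such as '-rc1' is ignored."""
    return tuple(int(p) for p in text.split("-")[0].split(".")[:3])

def in_affected_range(version):
    """Range quoted in the finding: >= 2.0.0 and <= 2.18.5."""
    return (2, 0, 0) <= parse_version(version) <= (2, 18, 5)

def async_parser_callers(jar_bytes):
    """Class entries outside Jackson whose bytes name a non-blocking factory method."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class") or name.startswith(JACKSON_PREFIX):
                continue
            data = jar.read(name)  # method names sit as plain ASCII in the constant pool
            if any(method in data for method in ASYNC_FACTORY_METHODS):
                hits.append(name)
    return sorted(hits)

def make_jar(entries):
    """Build an in-memory jar from {entry name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()

# Constructed samples: byte strings standing in for compiled classes.
SYNC_APP = make_jar({"com/example/SyncReader.class": b"\xca\xfe\xba\xbecreateParser"})
ASYNC_APP = make_jar({
    "com/example/AsyncReader.class": b"\xca\xfe\xba\xbecreateNonBlockingByteArrayParser",
    "com/fasterxml/jackson/core/JsonFactory.class": b"createNonBlockingByteArrayParser",
})

if __name__ == "__main__":
    print("2.17.2 in affected range:", in_affected_range("2.17.2"))
    print("sync-only app callers:", async_parser_callers(SYNC_APP))
    print("async app callers:", async_parser_callers(ASYNC_APP))
```

A hit shows that a call site exists, not that it is reachable with untrusted input; shaded (relocated) copies of Jackson and reflective calls are not covered by this byte search.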