Vulnerability in com.fasterxml.jackson.core:jackson-core (GHSA-72hv-8253-57qq) - Automic Automation.

Article ID: 436482

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Security scans or vulnerability assessments of the Automic Automation 24.4.4 environment identify a vulnerable version of the third-party library jackson-core-2.15.3.jar. The vulnerability is tracked as GHSA-72hv-8253-57qq.

Detected locations include:

  • /usr/server/bin/plugins/com.automic.filesync.jar:lib/jackson-core-2.15.3.jar
  • /usr/server/bin/plugins/com.automic.repository.jar:lib/jackson-core-2.15.3.jar
  • /usr/server/bin/plugins/jackson-core-2.15.3.jar
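
To confirm these findings on a host and to recheck after an update, the following inventory script lists every jackson-core copy under a directory, including copies nested inside plugin jars, using the same outer.jar:inner/path notation as the locations above. It is an added example, not Broadcom tooling; the directory passed on the command line and the names FLAGGED_VERSION, scan_archive and find_jackson_core are assumptions of this sketch.

```python
import io
import os
import re
import sys
import zipfile

# Version reported by the scanner in this article; change it for other findings.
FLAGGED_VERSION = "2.15.3"
JACKSON_CORE = re.compile(r"(?:^|/)jackson-core-(\d[\w.\-]*?)\.jar$")


def scan_archive(data, label, depth=0, max_depth=3):
    """Yield (location, version) for jackson-core jars nested inside an archive."""
    try:
        with zipfile.ZipFile(data) as zf:
            for info in zf.infolist():
                name = info.filename
                if not name.endswith(".jar"):
                    continue
                location = f"{label}:{name}"
                match = JACKSON_CORE.search(name)
                if match:
                    yield location, match.group(1)
                elif depth < max_depth:  # look inside other nested jars too
                    inner = io.BytesIO(zf.read(info))
                    yield from scan_archive(inner, location, depth + 1, max_depth)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable file or a .jar name on a non-zip file: skip it


def find_jackson_core(root):
    """Return sorted (location, version, flagged) for every copy under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.endswith(".jar"):
                continue
            path = os.path.join(dirpath, fname)
            match = JACKSON_CORE.search(fname)
            if match:
                hits.append((path, match.group(1)))
            else:
                hits.extend(scan_archive(path, path))
    return sorted((loc, ver, ver == FLAGGED_VERSION) for loc, ver in hits)


if __name__ == "__main__" and len(sys.argv) > 1:
    for loc, ver, flagged in find_jackson_core(sys.argv[1]):
        print(f"{'FLAGGED' if flagged else 'ok':8}{ver:12}{loc}")
```

The script matches on file names only, so a copy repackaged under a different name would not be listed.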

Environment

  • Product: Automic Automation
  • Version: 24.4.4
  • Component: Automation Engine Plugins, Analytics

Cause

The bundled jackson-core-2.15.3.jar is affected by GHSA-72hv-8253-57qq, "jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition".

Resolution

Update to a fixed version listed below or a newer version if available.

Automic Automation Engine 24.4.5 - TBA

Additional Information

Article title: How to register to Broadcom Software Product updates and Critical Alerts

https://knowledge.broadcom.com/external/article?articleId=133819