Red Hat JBoss EAP: CVE-2021-46877: Allocation of Resources Without Limits or Throttling
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Mar 19, 2023 | Sep 19, 2024 | Jul 2, 2025 |
Description
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. Red Hat's advisory describes the same flaw in Jackson Databind: a malicious user may trigger the 2 GB transient heap allocation per read in those uncommon JsonNode JDK serialization scenarios, resulting in denial of service.
Solution
Upgrade Red Hat JBoss EAP to the latest version (solution id: red-hat-jboss-eap-upgrade-latest)
References
- CWE-770
- CVE-2021-46877
- https://attackerkb.com/topics/CVE-2021-46877
- https://access.redhat.com/security/cve/CVE-2021-46877
- https://bugzilla.redhat.com/show_bug.cgi?id=2185707
- https://access.redhat.com/errata/RHSA-2023:4505
- https://access.redhat.com/errata/RHSA-2023:4506
- https://access.redhat.com/errata/RHSA-2023:4507
- https://access.redhat.com/errata/RHSA-2023:4509