vulnerability
Ubuntu: (CVE-2020-28491): jackson-dataformat-cbor vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Feb 18, 2021 | Jun 26, 2025 | Aug 18, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Feb 18, 2021
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
Solution
no-fix-ubuntu-package
References
- CVE-2020-28491
- https://attackerkb.com/topics/CVE-2020-28491
- CWE-770
- URL-https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
- URL-https://github.com/FasterXML/jackson-dataformats-binary/issues/186
- URL-https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329
- URL-https://www.cve.org/CVERecord?id=CVE-2020-28491
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.