jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
https://github.com/FasterXML/jackson-databind/issues/3328
https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
Created jackson-databind tracking bugs for this issue:
Affects: fedora-36 [bug 2185709]
Affects: fedora-37 [bug 2185711]
This issue has been addressed in the following products: Red Hat AMQ Streams 2.4.0 Via RHSA-2023:3223 https://access.redhat.com/errata/RHSA-2023:3223
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-46877
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.13 Via RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299
This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:3373 https://access.redhat.com/errata/RHSA-2023:3373
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.12 Via RHSA-2023:3610 https://access.redhat.com/errata/RHSA-2023:3610
This issue has been addressed in the following products: RHINT Service Registry 2.4.3 GA Via RHSA-2023:3815 https://access.redhat.com/errata/RHSA-2023:3815
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2023:4509 https://access.redhat.com/errata/RHSA-2023:4509
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:4505 https://access.redhat.com/errata/RHSA-2023:4505
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:4506 https://access.redhat.com/errata/RHSA-2023:4506
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:4507 https://access.redhat.com/errata/RHSA-2023:4507
This issue has been addressed in the following products: MTA-6.2-RHEL-9 MTA-6.2-RHEL-8 Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
This issue has been addressed in the following products: Red Hat support for Spring Boot 2.7.13 Via RHSA-2023:4612 https://access.redhat.com/errata/RHSA-2023:4612
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:4919 https://access.redhat.com/errata/RHSA-2023:4919
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:4918 https://access.redhat.com/errata/RHSA-2023:4918
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:4921 https://access.redhat.com/errata/RHSA-2023:4921
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:4920 https://access.redhat.com/errata/RHSA-2023:4920
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6.5 Via RHSA-2023:4924 https://access.redhat.com/errata/RHSA-2023:4924
This issue has been addressed in the following products: RHINT Camel-Springboot 3.18.3.2 Via RHSA-2023:5147 https://access.redhat.com/errata/RHSA-2023:5147
This issue has been addressed in the following products: Red Hat Satellite 6 puppetserver Via https://access.redhat.com/errata/RHSA-2023:2097