Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformats-text@2.11.1

Type maven

Namespace com.fasterxml.jackson.dataformat

Name jackson-dataformats-text

Version 2.11.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.15.0

Latest_non_vulnerable_version 2.15.0

Affected_by_vulnerabilities

url VCID-ae7x-rft3-zqg7

vulnerability_id VCID-ae7x-rft3-zqg7

summary Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3894

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.2068
published_at	2026-06-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20849
published_at	2026-06-14T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20872
published_at	2026-06-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20854
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3894

reference_url

https://github.com/FasterXML/jackson-dataformats-text

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-dataformats-text

reference_url

https://github.com/FasterXML/jackson-dataformats-text/commit/5dd5f740aedcf37adad7ffece460e75e54abb0ed

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-dataformats-text/commit/5dd5f740aedcf37adad7ffece460e75e54abb0ed

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-3894

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-3894

reference_url

https://github.com/FasterXML/jackson-dataformats-text/pull/398

reference_id

398

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T16:04:30Z/

url

https://github.com/FasterXML/jackson-dataformats-text/pull/398

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083

reference_id

detail?id=50083

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T16:04:30Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083

reference_url

https://github.com/advisories/GHSA-rg2c-cfxv-qp6f

reference_id

GHSA-rg2c-cfxv-qp6f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rg2c-cfxv-qp6f

reference_url

https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x

reference_id

VERSION-2.x

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-27T16:04:30Z/

url

https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x

fixed_packages

url	pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformats-text@2.15.0
purl	pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformats-text@2.15.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformats-text@2.15.0

aliases CVE-2023-3894, GHSA-rg2c-cfxv-qp6f

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ae7x-rft3-zqg7

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformats-text@2.11.1

Package Instance