Search for vulnerabilities
| Vulnerability ID | VCID-213j-gkjs-aaab |
| Aliases |
CVE-2023-35116
|
| Summary | ** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. |
| Status | Disputed |
| Exploitability | 0.5 |
| Weighted Severity | 6.8 |
| Risk | 3.4 |
| Affected and Fixed Packages | Package Details |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-35116.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2023-35116 | ||
| https://github.com/FasterXML/jackson-databind/issues/3972 | ||
| 2215214 | https://bugzilla.redhat.com/show_bug.cgi?id=2215214 | |
| cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* | |
| CVE-2023-35116 | https://nvd.nist.gov/vuln/detail/CVE-2023-35116 | |
| RHSA-2023:5396 | https://access.redhat.com/errata/RHSA-2023:5396 | |
| RHSA-2024:0719 | https://access.redhat.com/errata/RHSA-2024:0719 | |
| RHSA-2024:0777 | https://access.redhat.com/errata/RHSA-2024:0777 | |
| RHSA-2024:1027 | https://access.redhat.com/errata/RHSA-2024:1027 | |
| RHSA-2024:2707 | https://access.redhat.com/errata/RHSA-2024:2707 | |
| RHSA-2024:6893 | https://access.redhat.com/errata/RHSA-2024:6893 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.01784 |
| EPSS Score | 0.00015 |
| Published At | April 15, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-04-19T13:00:42.559199+00:00 | NVD CVE Status Improver | Improve | https://cveawg.mitre.org/api/cve/CVE-2023-35116 | 36.0.0 |