{"schema_version":"1.7.2","id":"OESA-2021-1140","modified":"2021-04-07T11:02:49Z","published":"2021-04-07T11:02:49Z","upstream":["CVE-2020-28491"],"summary":"jackson-dataformats-binary security update","details":"This module is a multi-module umbrella project for Jackson standard binary dataformat backends. Dataformat backends are used to support format alternatives to JSON, using general-purpose Jackson API. Formats included allow access using all 3 API styles (streaming, databinding, tree model).\r\n\r\nSecurity Fix(es):\r\n\r\nThis affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.(CVE-2020-28491)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"jackson-dataformats-binary","purl":"pkg:rpm/openEuler/jackson-dataformats-binary\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-6.oe1"}]}],"ecosystem_specific":{"noarch":["jackson-dataformats-binary-2.9.4-6.oe1.noarch.rpm"],"src":["jackson-dataformats-binary-2.9.4-6.oe1.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1140"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28491"}],"database_specific":{"severity":"High"}}