13869 2023-10-18 20:26:57 +0300 [CVE 21] jackson-dataformats-text 2.9.8 CVEs found 2023-12-12 01:43:20 +0300 1 1 2 ROSA-based products ROSA Fresh System (kernel, glibc, systemd, bash, PAM...) All All Linux RESOLVED WONTFIX CVE-2023-3894, Highest critical --- 1 y.tumanov bugs e.kosachev s.matveev v.potapov y.tumanov 2021.1 oldest_to_newest 69757 0 y.tumanov 2023-10-18 20:26:57 +0300 Please patch CVEs for package jackson-dataformats-text version 2.9.8 INFO (CVEs are): jackson-dataformats-text 2.9.8 cves found CVE-2023-3894 Desc: Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-3894 Severity: HIGH 70194 1 v.potapov 2023-10-20 17:01:35 +0300 *** Bug 13737 has been marked as a duplicate of this bug. *** 70196 2 v.potapov 2023-10-20 17:01:47 +0300 *** Bug 13544 has been marked as a duplicate of this bug. *** 71463 3 s.matveev 2023-12-12 01:43:20 +0300 Входит в java-стек, который пока обновляться не будет