WS-2018-0124
Published:May 14, 2026
Updated:May 14, 2026
In Jackson Core before version 2.8.6 if the REST endpoint consumes POST requests with JSON or XML data and data are invalid, the first unrecognized token is printed to server.log. If the first token is word of length 10MB, the whole word is printed. This is potentially dangerous and can be used to attack the server by filling the disk with logs.
Affected Packages
openrefine (CONDA):
Affected version(s) =2.7 <3.4Fix Suggestion:
Update to version 3.4beakerx (CONDA):
Affected version(s) >=0.12.2 <=1.4.1Fix Suggestion:
Update to version no_fixmpa-portable (CONDA):
Affected version(s) =1.4.1 <1.9.0Fix Suggestion:
Update to version 1.9.0nextflow (CONDA):
Affected version(s) >=19.01.0 <21.04.0Fix Suggestion:
Update to version 21.04.0womtool (CONDA):
Affected version(s) >=31 <50Fix Suggestion:
Update to version 50flapjack (CONDA):
Affected version(s) >=1.16.10.31 <=1.20.10.07Fix Suggestion:
Update to version no_fixnextflow (CONDA):
Affected version(s) >=0.27.0 <0.31.0Fix Suggestion:
Update to version 0.31.0r-awr (CONDA):
Affected version(s) =1.11.189 <1.11.189_1Fix Suggestion:
Update to version 1.11.189_1pepgenome (CONDA):
Affected version(s) =1.1.betaFix Suggestion:
Update to version no_fixwomtool (CONDA):
Affected version(s) =52 <53Fix Suggestion:
Update to version 53nextflow (CONDA):
Affected version(s) =0.31.1 <0.32.0Fix Suggestion:
Update to version 0.32.0beakerx (CONDA):
Affected version(s) >=0.3.0.dev0 <0.12.0Fix Suggestion:
Update to version 0.12.0pepquery (CONDA):
Affected version(s) >=1.3.0 <2.0.2Fix Suggestion:
Update to version 2.0.2pyspark (CONDA):
Affected version(s) >=2.1.0 <3.0.0Fix Suggestion:
Update to version 3.0.0wdltool (CONDA):
Affected version(s) >=0.6 <=0.14Fix Suggestion:
Update to version no_fixcromwell (CONDA):
Affected version(s) >=0.19.4 <40Fix Suggestion:
Update to version 40oraclenosqldriver (NUGET):
Affected version(s) >=12.4.5 <=12.4.5.4Fix Suggestion:
Update to version no_fixoracle.kv.client (NUGET):
Affected version(s) =12.4.20170407 <12.4.1Fix Suggestion:
Update to version 12.4.1jetbrains.rider.frontend4 (NUGET):
Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208Fix Suggestion:
Update to version 202.0.20200820.182208copam/phpjasper (PHP):
Affected version(s) =v1.4 <v1.5Fix Suggestion:
Update to version v1.5copam/phpjasper7 (PHP):
Affected version(s) =dev-develop <dev-masterFix Suggestion:
Update to version dev-masterchrmorandi/yii2-jasper (PHP):
Affected version(s) >=dev-master <v1.1.1Fix Suggestion:
Update to version v1.1.1a.ambrogini/phpjasper (PHP):
Affected version(s) >=dev-develop <v1.1Fix Suggestion:
Update to version v1.1minkbear/phpjasper (PHP):
Affected version(s) >=v1.0 <3.0.0Fix Suggestion:
Update to version 3.0.0geekcom/phpjasper-laravel (PHP):
Affected version(s) >=v1.0 <=v1.1Fix Suggestion:
Update to version no_fixziack/jasperphp (PHP):
Affected version(s) =dev-pr/79Fix Suggestion:
Update to version no_fixsmart145/phpjasper (PHP):
Affected version(s) =v1.16 <2.0Fix Suggestion:
Update to version 2.0nealis/jasperphp (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixcodelab/flaskphp-identity-smartid (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0lavela/phpjasper (PHP):
Affected version(s) =dev-develop <dev-masterFix Suggestion:
Update to version dev-masterdericktan/phpjasper (PHP):
Affected version(s) >=v1.3 <=v1.5.1Fix Suggestion:
Update to version no_fixcodelab/flaskphp-identity-smartid (PHP):
Affected version(s) =v1.4.0 <v1.4.1Fix Suggestion:
Update to version v1.4.1vufind/vufind (PHP):
Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ulFix Suggestion:
Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ulvufind/vufind (PHP):
Affected version(s) =dev-feature/foundation5 <dev-release-5.0Fix Suggestion:
Update to version dev-release-5.0lopezsoft/jasperphp (PHP):
Affected version(s) >=dev-main <v2.9.3Fix Suggestion:
Update to version v2.9.3rdpascua/jasperstarter (PHP):
Affected version(s) >=3.1.0 <3.5.0Fix Suggestion:
Update to version 3.5.0copam/phpjasper (PHP):
Affected version(s) >=v1.0 <1.4Fix Suggestion:
Update to version 1.4smart145/phpjasper (PHP):
Affected version(s) =v1.4 <v1.5Fix Suggestion:
Update to version v1.5smart145/phpjasper (PHP):
Affected version(s) =v1.0 <v1.1Fix Suggestion:
Update to version v1.1a.ambrogini/phpjasper (PHP):
Affected version(s) >=v2.7 <=2.8Fix Suggestion:
Update to version no_fixeihen/jasperstarter-bin (PHP):
Affected version(s) >=v3.2.1.0 <v3.4.1.0Fix Suggestion:
Update to version v3.4.1.0cossou/jasperphp (PHP):
Affected version(s) >=dev-allow-string-parameters <=dev-pr/79Fix Suggestion:
Update to version no_fixcopam/phpjasper7 (PHP):
Affected version(s) >=v1.0 <v1.3Fix Suggestion:
Update to version v1.3smart145/phpjasper (PHP):
Affected version(s) >=v2.2 <3.0.0Fix Suggestion:
Update to version 3.0.0i4n/phpjasper (PHP):
Affected version(s) =dev-master <1.1.0Fix Suggestion:
Update to version 1.1.0ziack/jasperphp (PHP):
Affected version(s) =dev-development <dev-masterFix Suggestion:
Update to version dev-masterxidmonx/jasperphp (PHP):
Affected version(s) >=dev-allow-string-parameters <2.7.0Fix Suggestion:
Update to version 2.7.0salesfusion/reporter (PHP):
Affected version(s) >=1.0.0 <1.1.4Fix Suggestion:
Update to version 1.1.4ziack/jasperphp (PHP):
Affected version(s) >=v1.0.0 <2.8.0Fix Suggestion:
Update to version 2.8.0vufind/vufind (PHP):
Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretryFix Suggestion:
Update to version dev-legacy/mink-autoretrycodelab/flaskphp-identity-smartid (PHP):
Affected version(s) >=v1.4.3 <=v1.6.8Fix Suggestion:
Update to version no_fixfazo96/jasperphp (PHP):
Affected version(s) >=v1.0.0 <=v2.3.0Fix Suggestion:
Update to version no_fixdericktan/phpjasper (PHP):
Affected version(s) >=dev-master <v1.2Fix Suggestion:
Update to version v1.2a.ambrogini/phpjasper (PHP):
Affected version(s) >=v1.2 <v2.6Fix Suggestion:
Update to version v2.6vufind/vufind (PHP):
Affected version(s) >=dev-release-3.0 <v3.1Fix Suggestion:
Update to version v3.1starkliew/jasperphp (PHP):
Affected version(s) >=dev-development <=v2.4.0Fix Suggestion:
Update to version no_fixdavidecaruso/jasper-php (PHP):
Affected version(s) =v1.0.2Fix Suggestion:
Update to version no_fixsmart145/phpjasper (PHP):
Affected version(s) =v1.10 <v1.11Fix Suggestion:
Update to version v1.11siu-toba/jasper (PHP):
Affected version(s) >=v5.6 <=v5.6.2Fix Suggestion:
Update to version no_fixstesabvba/horizon (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixdavidecaruso/jasper-php (PHP):
Affected version(s) >=dev-develop <v1.0.0Fix Suggestion:
Update to version v1.0.0smart145/phpjasper (PHP):
Affected version(s) >=v1.6 <v1.8Fix Suggestion:
Update to version v1.8lavela/phpjasper (PHP):
Affected version(s) >=v1.3 <v2.0Fix Suggestion:
Update to version v2.0beakerx (PYTHON):
Affected version(s) >=0.3.0.dev0 <0.12.0Fix Suggestion:
Update to version 0.12.0beakerx (PYTHON):
Affected version(s) >=0.12.2 <=1.4.1Fix Suggestion:
Update to version no_fixRelated Resources (2)
Do you need more information?
Contact UsCVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW