WS-2018-0125 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0125

WS-2018-0125

Published:May 19, 2026

Updated:May 19, 2026

OutOfMemoryError when writing BigDecimal In Jackson Core before version 2.7.7. When enabled the WRITE_BIGDECIMAL_AS_PLAIN setting, Jackson will attempt to write out the whole number, no matter how large the exponent.

Affected Packages

pepgenome (CONDA):

Affected version(s) =1.1.beta

Fix Suggestion:

Update to version no_fix

mpa-portable (CONDA):

Affected version(s) =1.4.1 <1.9.0

Fix Suggestion:

Update to version 1.9.0

beakerx (CONDA):

Affected version(s) >=0.12.2 <=1.4.1

Fix Suggestion:

Update to version no_fix

pepquery (CONDA):

Affected version(s) >=1.3.0 <2.0.2

Fix Suggestion:

Update to version 2.0.2

beakerx (CONDA):

Affected version(s) >=0.3.0.dev0 <0.12.0

Fix Suggestion:

Update to version 0.12.0

nextflow (CONDA):

Affected version(s) >=0.27.0 <0.31.0

Fix Suggestion:

Update to version 0.31.0

pyspark (CONDA):

Affected version(s) >=2.1.0 <3.0.0

Fix Suggestion:

Update to version 3.0.0

r-awr (CONDA):

Affected version(s) =1.11.189 <1.11.189_1

Fix Suggestion:

Update to version 1.11.189_1

nextflow (CONDA):

Affected version(s) >=19.01.0 <21.04.0

Fix Suggestion:

Update to version 21.04.0

nextflow (CONDA):

Affected version(s) =0.31.1 <0.32.0

Fix Suggestion:

Update to version 0.32.0

wdltool (CONDA):

Affected version(s) >=0.6 <=0.14

Fix Suggestion:

Update to version no_fix

cromwell (CONDA):

Affected version(s) >=0.19.4 <0.30

Fix Suggestion:

Update to version 0.30

flapjack (CONDA):

Affected version(s) >=1.16.10.31 <=1.20.10.07

Fix Suggestion:

Update to version no_fix

openrefine (CONDA):

Affected version(s) =2.7 <3.4

Fix Suggestion:

Update to version 3.4

oraclenosqldriver (NUGET):

Affected version(s) >=12.4.5 <=12.4.5.4

Fix Suggestion:

Update to version no_fix

jetbrains.rider.frontend4 (NUGET):

Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208

Fix Suggestion:

Update to version 202.0.20200820.182208

oracle.kv.client (NUGET):

Affected version(s) =12.4.20170407 <12.4.1

Fix Suggestion:

Update to version 12.4.1

ziack/jasperphp (PHP):

Affected version(s) >=v1.0.0 <2.8.0

Fix Suggestion:

Update to version 2.8.0

lavela/phpjasper (PHP):

Affected version(s) =dev-develop <dev-master

Fix Suggestion:

Update to version dev-master

eihen/jasperstarter-bin (PHP):

Affected version(s) >=v3.2.1.0 <v3.4.1.0

Fix Suggestion:

Update to version v3.4.1.0

smart145/phpjasper (PHP):

Affected version(s) =v1.10 <v1.11

Fix Suggestion:

Update to version v1.11

geekcom/phpjasper-laravel (PHP):

Affected version(s) >=v1.0 <=v1.1

Fix Suggestion:

Update to version no_fix

nealis/jasperphp (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

copam/phpjasper (PHP):

Affected version(s) >=v1.0 <1.4

Fix Suggestion:

Update to version 1.4

vufind/vufind (PHP):

Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ul

Fix Suggestion:

Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ul

a.ambrogini/phpjasper (PHP):

Affected version(s) >=v1.2 <v2.6

Fix Suggestion:

Update to version v2.6

a.ambrogini/phpjasper (PHP):

Affected version(s) >=dev-develop <v1.1

Fix Suggestion:

Update to version v1.1

starkliew/jasperphp (PHP):

Affected version(s) >=dev-development <=v2.4.0

Fix Suggestion:

Update to version no_fix

copam/phpjasper7 (PHP):

Affected version(s) >=v1.0 <v1.3

Fix Suggestion:

Update to version v1.3

copam/phpjasper (PHP):

Affected version(s) =v1.4 <v1.5

Fix Suggestion:

Update to version v1.5

rdpascua/jasperstarter (PHP):

Affected version(s) >=3.1.0 <3.5.0

Fix Suggestion:

Update to version 3.5.0

vufind/vufind (PHP):

Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretry

Fix Suggestion:

Update to version dev-legacy/mink-autoretry

cossou/jasperphp (PHP):

Affected version(s) >=dev-allow-string-parameters <=dev-pr/79

Fix Suggestion:

Update to version no_fix

stesabvba/horizon (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

smart145/phpjasper (PHP):

Affected version(s) =v1.4 <v1.5

Fix Suggestion:

Update to version v1.5

lopezsoft/jasperphp (PHP):

Affected version(s) >=dev-main <v2.9.3

Fix Suggestion:

Update to version v2.9.3

lavela/phpjasper (PHP):

Affected version(s) >=v1.3 <v2.0

Fix Suggestion:

Update to version v2.0

davidecaruso/jasper-php (PHP):

Affected version(s) =v1.0.2

Fix Suggestion:

Update to version no_fix

fazo96/jasperphp (PHP):

Affected version(s) >=v1.0.0 <=v2.3.0

Fix Suggestion:

Update to version no_fix

smart145/phpjasper (PHP):

Affected version(s) >=v1.6 <v1.8

Fix Suggestion:

Update to version v1.8

minkbear/phpjasper (PHP):

Affected version(s) >=v1.0 <3.0.0

Fix Suggestion:

Update to version 3.0.0

dericktan/phpjasper (PHP):

Affected version(s) >=dev-master <v1.2

Fix Suggestion:

Update to version v1.2

vufind/vufind (PHP):

Affected version(s) >=dev-release-3.0 <v3.1

Fix Suggestion:

Update to version v3.1

dericktan/phpjasper (PHP):

Affected version(s) >=v1.3 <=v1.5.1

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) =dev-feature/foundation5 <dev-release-5.0

Fix Suggestion:

Update to version dev-release-5.0

i4n/phpjasper (PHP):

Affected version(s) =dev-master <1.1.0

Fix Suggestion:

Update to version 1.1.0

xidmonx/jasperphp (PHP):

Affected version(s) >=dev-allow-string-parameters <2.7.0

Fix Suggestion:

Update to version 2.7.0

smart145/phpjasper (PHP):

Affected version(s) >=v2.2 <3.0.0

Fix Suggestion:

Update to version 3.0.0

smart145/phpjasper (PHP):

Affected version(s) =v1.16 <2.0

Fix Suggestion:

Update to version 2.0

chrmorandi/yii2-jasper (PHP):

Affected version(s) >=dev-master <v1.1.1

Fix Suggestion:

Update to version v1.1.1

siu-toba/jasper (PHP):

Affected version(s) >=v5.6 <=v5.6.2

Fix Suggestion:

Update to version no_fix

davidecaruso/jasper-php (PHP):

Affected version(s) >=dev-develop <v1.0.0

Fix Suggestion:

Update to version v1.0.0

smart145/phpjasper (PHP):

Affected version(s) =v1.0 <v1.1

Fix Suggestion:

Update to version v1.1

ziack/jasperphp (PHP):

Affected version(s) =dev-pr/79

Fix Suggestion:

Update to version no_fix

a.ambrogini/phpjasper (PHP):

Affected version(s) >=v2.7 <=2.8

Fix Suggestion:

Update to version no_fix

ziack/jasperphp (PHP):

Affected version(s) =dev-development <dev-master

Fix Suggestion:

Update to version dev-master

copam/phpjasper7 (PHP):

Affected version(s) =dev-develop <dev-master

Fix Suggestion:

Update to version dev-master

salesfusion/reporter (PHP):

Affected version(s) >=1.0.0 <1.1.4

Fix Suggestion:

Update to version 1.1.4

beakerx (PYTHON):

Affected version(s) >=0.3.0.dev0 <0.12.0

Fix Suggestion:

Update to version 0.12.0

beakerx (PYTHON):

Affected version(s) >=0.12.2 <=1.4.1

Fix Suggestion:

Update to version no_fix

Related Resources (2)

https://github.com/FasterXML/jackson-core/issues/315

https://github.com/FasterXML/jackson-core/commit/96642978dcf1b69cba68ec72cb2f652d59a8b5be

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW