WS-2018-0125 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0125

WS-2018-0125

Published:May 14, 2026

Updated:May 14, 2026

OutOfMemoryError when writing BigDecimal In Jackson Core before version 2.7.7. When enabled the WRITE_BIGDECIMAL_AS_PLAIN setting, Jackson will attempt to write out the whole number, no matter how large the exponent.

Affected Packages

mpa-portable (CONDA):

Affected version(s) =1.4.1 <1.9.0

Fix Suggestion:

Update to version 1.9.0

wdltool (CONDA):

Affected version(s) >=0.6 <=0.14

Fix Suggestion:

Update to version no_fix

pyspark (CONDA):

Affected version(s) >=2.1.0 <3.0.0

Fix Suggestion:

Update to version 3.0.0

nextflow (CONDA):

Affected version(s) >=0.27.0 <0.31.0

Fix Suggestion:

Update to version 0.31.0

beakerx (CONDA):

Affected version(s) >=0.12.2 <=1.4.1

Fix Suggestion:

Update to version no_fix

r-awr (CONDA):

Affected version(s) =1.11.189 <1.11.189_1

Fix Suggestion:

Update to version 1.11.189_1

openrefine (CONDA):

Affected version(s) =2.7 <3.4

Fix Suggestion:

Update to version 3.4

nextflow (CONDA):

Affected version(s) =0.31.1 <0.32.0

Fix Suggestion:

Update to version 0.32.0

cromwell (CONDA):

Affected version(s) >=0.19.4 <0.30

Fix Suggestion:

Update to version 0.30

nextflow (CONDA):

Affected version(s) >=19.01.0 <21.04.0

Fix Suggestion:

Update to version 21.04.0

flapjack (CONDA):

Affected version(s) >=1.16.10.31 <=1.20.10.07

Fix Suggestion:

Update to version no_fix

beakerx (CONDA):

Affected version(s) >=0.3.0.dev0 <0.12.0

Fix Suggestion:

Update to version 0.12.0

pepgenome (CONDA):

Affected version(s) =1.1.beta

Fix Suggestion:

Update to version no_fix

pepquery (CONDA):

Affected version(s) >=1.3.0 <2.0.2

Fix Suggestion:

Update to version 2.0.2

oraclenosqldriver (NUGET):

Affected version(s) >=12.4.5 <=12.4.5.4

Fix Suggestion:

Update to version no_fix

jetbrains.rider.frontend4 (NUGET):

Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208

Fix Suggestion:

Update to version 202.0.20200820.182208

oracle.kv.client (NUGET):

Affected version(s) =12.4.20170407 <12.4.1

Fix Suggestion:

Update to version 12.4.1

copam/phpjasper (PHP):

Affected version(s) >=v1.0 <1.4

Fix Suggestion:

Update to version 1.4

smart145/phpjasper (PHP):

Affected version(s) =v1.10 <v1.11

Fix Suggestion:

Update to version v1.11

smart145/phpjasper (PHP):

Affected version(s) =v1.4 <v1.5

Fix Suggestion:

Update to version v1.5

lopezsoft/jasperphp (PHP):

Affected version(s) >=dev-main <v2.9.3

Fix Suggestion:

Update to version v2.9.3

rdpascua/jasperstarter (PHP):

Affected version(s) >=3.1.0 <3.5.0

Fix Suggestion:

Update to version 3.5.0

eihen/jasperstarter-bin (PHP):

Affected version(s) >=v3.2.1.0 <v3.4.1.0

Fix Suggestion:

Update to version v3.4.1.0

copam/phpjasper7 (PHP):

Affected version(s) >=v1.0 <v1.3

Fix Suggestion:

Update to version v1.3

xidmonx/jasperphp (PHP):

Affected version(s) >=dev-allow-string-parameters <2.7.0

Fix Suggestion:

Update to version 2.7.0

starkliew/jasperphp (PHP):

Affected version(s) >=dev-development <=v2.4.0

Fix Suggestion:

Update to version no_fix

davidecaruso/jasper-php (PHP):

Affected version(s) =v1.0.2

Fix Suggestion:

Update to version no_fix

lavela/phpjasper (PHP):

Affected version(s) =dev-develop <dev-master

Fix Suggestion:

Update to version dev-master

fazo96/jasperphp (PHP):

Affected version(s) >=v1.0.0 <=v2.3.0

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ul

Fix Suggestion:

Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ul

copam/phpjasper7 (PHP):

Affected version(s) =dev-develop <dev-master

Fix Suggestion:

Update to version dev-master

davidecaruso/jasper-php (PHP):

Affected version(s) >=dev-develop <v1.0.0

Fix Suggestion:

Update to version v1.0.0

siu-toba/jasper (PHP):

Affected version(s) >=v5.6 <=v5.6.2

Fix Suggestion:

Update to version no_fix

stesabvba/horizon (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

i4n/phpjasper (PHP):

Affected version(s) =dev-master <1.1.0

Fix Suggestion:

Update to version 1.1.0

minkbear/phpjasper (PHP):

Affected version(s) >=v1.0 <3.0.0

Fix Suggestion:

Update to version 3.0.0

vufind/vufind (PHP):

Affected version(s) >=dev-release-3.0 <v3.1

Fix Suggestion:

Update to version v3.1

vufind/vufind (PHP):

Affected version(s) =dev-feature/foundation5 <dev-release-5.0

Fix Suggestion:

Update to version dev-release-5.0

copam/phpjasper (PHP):

Affected version(s) =v1.4 <v1.5

Fix Suggestion:

Update to version v1.5

ziack/jasperphp (PHP):

Affected version(s) >=v1.0.0 <2.8.0

Fix Suggestion:

Update to version 2.8.0

geekcom/phpjasper-laravel (PHP):

Affected version(s) >=v1.0 <=v1.1

Fix Suggestion:

Update to version no_fix

lavela/phpjasper (PHP):

Affected version(s) >=v1.3 <v2.0

Fix Suggestion:

Update to version v2.0

smart145/phpjasper (PHP):

Affected version(s) =v1.0 <v1.1

Fix Suggestion:

Update to version v1.1

a.ambrogini/phpjasper (PHP):

Affected version(s) >=v1.2 <v2.6

Fix Suggestion:

Update to version v2.6

smart145/phpjasper (PHP):

Affected version(s) >=v1.6 <v1.8

Fix Suggestion:

Update to version v1.8

chrmorandi/yii2-jasper (PHP):

Affected version(s) >=dev-master <v1.1.1

Fix Suggestion:

Update to version v1.1.1

ziack/jasperphp (PHP):

Affected version(s) =dev-development <dev-master

Fix Suggestion:

Update to version dev-master

ziack/jasperphp (PHP):

Affected version(s) =dev-pr/79

Fix Suggestion:

Update to version no_fix

smart145/phpjasper (PHP):

Affected version(s) =v1.16 <2.0

Fix Suggestion:

Update to version 2.0

vufind/vufind (PHP):

Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretry

Fix Suggestion:

Update to version dev-legacy/mink-autoretry

salesfusion/reporter (PHP):

Affected version(s) >=1.0.0 <1.1.4

Fix Suggestion:

Update to version 1.1.4

smart145/phpjasper (PHP):

Affected version(s) >=v2.2 <3.0.0

Fix Suggestion:

Update to version 3.0.0

nealis/jasperphp (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

cossou/jasperphp (PHP):

Affected version(s) >=dev-allow-string-parameters <=dev-pr/79

Fix Suggestion:

Update to version no_fix

dericktan/phpjasper (PHP):

Affected version(s) >=dev-master <v1.2

Fix Suggestion:

Update to version v1.2

a.ambrogini/phpjasper (PHP):

Affected version(s) >=dev-develop <v1.1

Fix Suggestion:

Update to version v1.1

dericktan/phpjasper (PHP):

Affected version(s) >=v1.3 <=v1.5.1

Fix Suggestion:

Update to version no_fix

a.ambrogini/phpjasper (PHP):

Affected version(s) >=v2.7 <=2.8

Fix Suggestion:

Update to version no_fix

beakerx (PYTHON):

Affected version(s) >=0.12.2 <=1.4.1

Fix Suggestion:

Update to version no_fix

beakerx (PYTHON):

Affected version(s) >=0.3.0.dev0 <0.12.0

Fix Suggestion:

Update to version 0.12.0

Related Resources (2)

https://github.com/FasterXML/jackson-core/issues/315

https://github.com/FasterXML/jackson-core/commit/96642978dcf1b69cba68ec72cb2f652d59a8b5be

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW