WS-2022-0468
Published:May 15, 2026
Updated:May 15, 2026
The jackson-core package is vulnerable to a Denial of Service (DoS) attack. The methods in the classes listed below fail to restrict input size when performing numeric type conversions. A remote attacker can exploit this vulnerability by causing the application to deserialize data containing certain numeric types with large values. Deserializing many of the aforementioned objects may cause the application to exhaust all available resources, resulting in a DoS condition.
Affected Packages
pyspark (CONDA):
Affected version(s) >=3.3.0 <3.3.2Fix Suggestion:
Update to version 3.3.2fiji (CONDA):
Affected version(s) >=20220414 <20250206Fix Suggestion:
Update to version 20250206pyspark (CONDA):
Affected version(s) >=2.1.0 <3.2.3Fix Suggestion:
Update to version 3.2.3mzmine (CONDA):
Affected version(s) >=3.6.0 <=3.9.0Fix Suggestion:
Update to version no_fixmpa-portable (CONDA):
Affected version(s) >=1.4.1 <=2.0.0Fix Suggestion:
Update to version no_fixgorpipe (CONDA):
Affected version(s) =4.5.0Fix Suggestion:
Update to version no_fixgradle (CONDA):
Affected version(s) >=6.4.0 <=7.4.2Fix Suggestion:
Update to version no_fixbeakerx (CONDA):
Affected version(s) >=0.3.0.dev0 <=1.4.1Fix Suggestion:
Update to version no_fixpepquery (CONDA):
Affected version(s) >=1.3.0 <=2.0.2Fix Suggestion:
Update to version no_fixtassel (CONDA):
Affected version(s) =5.2.89Fix Suggestion:
Update to version no_fixixmp (CONDA):
Affected version(s) >=2.0.0 <3.6.0Fix Suggestion:
Update to version 3.6.0pyreportjasper (CONDA):
Affected version(s) >=1.0.2 <=2.1.0Fix Suggestion:
Update to version no_fixr-awr (CONDA):
Affected version(s) =1.11.189 <1.11.189_1Fix Suggestion:
Update to version 1.11.189_1pepgenome (CONDA):
Affected version(s) =1.1.betaFix Suggestion:
Update to version no_fixopenrefine (CONDA):
Affected version(s) >=2.7 <=3.5.0Fix Suggestion:
Update to version no_fixsirius-csifingerid (CONDA):
Affected version(s) >=4.9.3 <5.8.2Fix Suggestion:
Update to version 5.8.2pyspark (CONDA):
Affected version(s) =3.4.1 <3.5.0Fix Suggestion:
Update to version 3.5.0nextflow (CONDA):
Affected version(s) =23.04.1 <23.04.3Fix Suggestion:
Update to version 23.04.3womtool (CONDA):
Affected version(s) >=31 <50Fix Suggestion:
Update to version 50flapjack (CONDA):
Affected version(s) >=1.16.10.31 <=1.20.10.07Fix Suggestion:
Update to version no_fixnextflow (CONDA):
Affected version(s) =23.10.0Fix Suggestion:
Update to version no_fixnextflow (CONDA):
Affected version(s) =0.31.1 <0.32.0Fix Suggestion:
Update to version 0.32.0dsh-bio (CONDA):
Affected version(s) >=2.1 <2.3Fix Suggestion:
Update to version 2.3igv (CONDA):
Affected version(s) >=2.8.4 <2.8.10Fix Suggestion:
Update to version 2.8.10nextflow (CONDA):
Affected version(s) >=0.27.0 <0.31.0Fix Suggestion:
Update to version 0.31.0peptide-shaker (CONDA):
Affected version(s) >=2.0.5 <=3.0.1Fix Suggestion:
Update to version no_fixinterproscan (CONDA):
Affected version(s) >=5.52_86.0 <=5.59_91.0Fix Suggestion:
Update to version no_fixwatchdog-wms (CONDA):
Affected version(s) >=2.0.6 <=2.0.8Fix Suggestion:
Update to version no_fixnextflow (CONDA):
Affected version(s) >=19.01.0 <21.04.0Fix Suggestion:
Update to version 21.04.0wdltool (CONDA):
Affected version(s) >=0.6 <=0.14Fix Suggestion:
Update to version no_fixigvtools (CONDA):
Affected version(s) >=2.14.1 <=2.16.2Fix Suggestion:
Update to version no_fixcromwell (CONDA):
Affected version(s) >=0.19.4 <40Fix Suggestion:
Update to version 40gradle (CONDA):
Affected version(s) >=5.3.1 <6.3.0Fix Suggestion:
Update to version 6.3.0womtool (CONDA):
Affected version(s) =52 <53Fix Suggestion:
Update to version 53igv (CONDA):
Affected version(s) >=2.8.0 <2.8.3Fix Suggestion:
Update to version 2.8.3igv (CONDA):
Affected version(s) >=2.8.11 <=2.16.2Fix Suggestion:
Update to version no_fixflyway.commandline (NUGET):
Affected version(s) >=7.7.3 <9.22.1Fix Suggestion:
Update to version 9.22.1microsoft.azure.workflows.webjobs.extension (NUGET):
Affected version(s) >=1.2.18 <1.94.71Fix Suggestion:
Update to version 1.94.71allurereport.generator (NUGET):
Affected version(s) =0.1.0Fix Suggestion:
Update to version no_fixdynatrace.oneagent.xamarin (NUGET):
Affected version(s) >=8.233.0 <8.273.1Fix Suggestion:
Update to version 8.273.1mases.knetconnect (NUGET):
Affected version(s) >=1.4.7 <2.7.0Fix Suggestion:
Update to version 2.7.0jetbrains.rider.frontend4 (NUGET):
Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208Fix Suggestion:
Update to version 202.0.20200820.182208mases.kafkabridgecli (NUGET):
Affected version(s) >=1.1.7 <=1.1.11Fix Suggestion:
Update to version no_fixmases.knet (NUGET):
Affected version(s) >=1.2.0 <2.7.0Fix Suggestion:
Update to version 2.7.0dynatrace.oneagent.maui (NUGET):
Affected version(s) >=1.265.1 <1.273.1Fix Suggestion:
Update to version 1.273.1oraclenosqldriver (NUGET):
Affected version(s) >=12.4.5 <=12.4.5.4Fix Suggestion:
Update to version no_fixgridgain (NUGET):
Affected version(s) =8.8.38 <8.8.39Fix Suggestion:
Update to version 8.8.39jetbrains.rider.frontend2 (NUGET):
Affected version(s) =203.0.20201229.161815 <203.0.20200923.135724-eap01Fix Suggestion:
Update to version 203.0.20200923.135724-eap01jmeter (NUGET):
Affected version(s) >=5.4.3 <5.6.3Fix Suggestion:
Update to version 5.6.3logstash-binary (NUGET):
Affected version(s) >=7.8.0 <=7.8.1Fix Suggestion:
Update to version no_fixappdynamics.azure.siteextension.java (NUGET):
Affected version(s) >=20.3.0 <20.6.0.1Fix Suggestion:
Update to version 20.6.0.1datax.spark (NUGET):
Affected version(s) =1.0.0-CI-20190314-231915Fix Suggestion:
Update to version no_fixappdynamics.azure.siteextension.javaagent (NUGET):
Affected version(s) >=21.6.1 <24.3.1Fix Suggestion:
Update to version 24.3.1gridgain (NUGET):
Affected version(s) >=8.9.0.1 <8.9.4Fix Suggestion:
Update to version 8.9.4mases.kafkabridge (NUGET):
Affected version(s) >=1.1.2 <=1.1.11Fix Suggestion:
Update to version no_fixoracle.kv.client (NUGET):
Affected version(s) =12.4.20170407 <12.4.1Fix Suggestion:
Update to version 12.4.1jetbrains.rider.frontend2 (NUGET):
Affected version(s) =203.0.20210317.94906 <203.0.20201127.95230-eap09Fix Suggestion:
Update to version 203.0.20201127.95230-eap09royalroad.maui.gradle.packages (NUGET):
Affected version(s) =0.0.3-alphaFix Suggestion:
Update to version no_fixmases.knetcli (NUGET):
Affected version(s) >=1.2.0 <2.7.0Fix Suggestion:
Update to version 2.7.0flyway.commandline.jre (NUGET):
Affected version(s) >=7.15.0 <9.22.1Fix Suggestion:
Update to version 9.22.1gridgain (NUGET):
Affected version(s) >=8.7.6 <8.8.37.1Fix Suggestion:
Update to version 8.8.37.1rdpascua/jasperstarter (PHP):
Affected version(s) =3.6.2Fix Suggestion:
Update to version no_fixa.ambrogini/phpjasper (PHP):
Affected version(s) >=v2.7 <=2.8Fix Suggestion:
Update to version no_fixvufind/vufind (PHP):
Affected version(s) >=dev-release-3.0 <v3.1Fix Suggestion:
Update to version v3.1copam/phpjasper (PHP):
Affected version(s) >=dev-master <1.4Fix Suggestion:
Update to version 1.4lavela/phpjasper (PHP):
Affected version(s) >=v1.3 <v2.0Fix Suggestion:
Update to version v2.0smart145/phpjasper (PHP):
Affected version(s) =dev-develop <dev-masterFix Suggestion:
Update to version dev-mastervufind/vufind (PHP):
Affected version(s) =dev-feature/foundation5 <dev-release-5.0Fix Suggestion:
Update to version dev-release-5.0cossou/jasperphp (PHP):
Affected version(s) >=dev-allow-string-parameters <=dev-pr/79Fix Suggestion:
Update to version no_fixanshul-netgen/jasper-report (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixsmart145/phpjasper (PHP):
Affected version(s) =3.3.1 <3.3.2Fix Suggestion:
Update to version 3.3.2copam/phpjasper (PHP):
Affected version(s) =v1.4 <v1.5Fix Suggestion:
Update to version v1.5polozpavlo/allure (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixcodelab/flaskphp-identity-esteid (PHP):
Affected version(s) >=v2.0.7 <=v3.0.7Fix Suggestion:
Update to version no_fixdavidecaruso/jasper-php (PHP):
Affected version(s) =v1.0.2Fix Suggestion:
Update to version no_fixdaniel-werner/laravel-schemacrawler (PHP):
Affected version(s) =dev-13-migrate-tests-to-github-actionsFix Suggestion:
Update to version no_fixsellerbox/phpjasper (PHP):
Affected version(s) =dev-mainFix Suggestion:
Update to version no_fixcodelab/flaskphp-identity-smartid (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0eihen/jasperstarter-bin (PHP):
Affected version(s) >=v3.2.1.0 <v3.4.1.0Fix Suggestion:
Update to version v3.4.1.0davidecaruso/jasper-php (PHP):
Affected version(s) >=dev-develop <v1.0.0Fix Suggestion:
Update to version v1.0.0ziack/jasperphp (PHP):
Affected version(s) =dev-development <dev-masterFix Suggestion:
Update to version dev-mastersmart145/phpjasper (PHP):
Affected version(s) >=dev-update_packages <v1.1Fix Suggestion:
Update to version v1.1ziack/jasperphp (PHP):
Affected version(s) =dev-pr/79Fix Suggestion:
Update to version no_fixsmart145/phpjasper (PHP):
Affected version(s) =v1.10 <v1.11Fix Suggestion:
Update to version v1.11rdpascua/jasperstarter (PHP):
Affected version(s) =dev-main <dev-masterFix Suggestion:
Update to version dev-masterfazo96/jasperphp (PHP):
Affected version(s) >=v1.0.0 <=v2.3.0Fix Suggestion:
Update to version no_fixcodelab/flaskphp-identity-smartid (PHP):
Affected version(s) >=v1.4.3 <=v1.6.8Fix Suggestion:
Update to version no_fixsmart145/phpjasper (PHP):
Affected version(s) =v1.16 <2.0Fix Suggestion:
Update to version 2.0codelab/flaskphp-identity-mobileid (PHP):
Affected version(s) >=v1.0.20 <v1.0.22Fix Suggestion:
Update to version v1.0.22smart145/phpjasper (PHP):
Affected version(s) >=v1.6 <v1.8Fix Suggestion:
Update to version v1.8stesabvba/horizon (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixvufind/vufind (PHP):
Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretryFix Suggestion:
Update to version dev-legacy/mink-autoretryxidmonx/jasperphp (PHP):
Affected version(s) >=dev-allow-string-parameters <2.7.0Fix Suggestion:
Update to version 2.7.0codelab/flaskphp-identity-esteid (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0ziack/jasperphp (PHP):
Affected version(s) >=v1.0.0 <2.8.0Fix Suggestion:
Update to version 2.8.0copam/phpjasper (PHP):
Affected version(s) =v1.5.x-devFix Suggestion:
Update to version no_fixdhenyson/jasper-report-php (PHP):
Affected version(s) >=dev-main <=1.0.0Fix Suggestion:
Update to version no_fixjheferson-br/phpjasper (PHP):
Affected version(s) =4.0.6Fix Suggestion:
Update to version no_fixsiu-toba/jasper (PHP):
Affected version(s) >=v5.6 <=v5.6.2Fix Suggestion:
Update to version no_fixdaniel-werner/laravel-schemacrawler (PHP):
Affected version(s) =dev-dependabot/composer/symfony/http-kernel-5.4.20 <dev-analysis-qrWRb9Fix Suggestion:
Update to version dev-analysis-qrWRb9starkliew/jasperphp (PHP):
Affected version(s) >=dev-development <=v2.4.0Fix Suggestion:
Update to version no_fixa.ambrogini/phpjasper (PHP):
Affected version(s) >=dev-develop <v1.1Fix Suggestion:
Update to version v1.1rdpascua/reporter (PHP):
Affected version(s) =dev-mainFix Suggestion:
Update to version no_fixgeekcom/phpjasper-laravel (PHP):
Affected version(s) >=v1.0 <=v1.1Fix Suggestion:
Update to version no_fixlopezsoft/jasperphp (PHP):
Affected version(s) >=dev-main <=2.9.7Fix Suggestion:
Update to version no_fixpenblu/jasperphp (PHP):
Affected version(s) =1.0.1Fix Suggestion:
Update to version no_fixmerlinthemagic/mtm-signal-api (PHP):
Affected version(s) =dev-mainFix Suggestion:
Update to version no_fixcodelab/flaskphp-identity-smartid (PHP):
Affected version(s) =v1.4.0 <v1.4.1Fix Suggestion:
Update to version v1.4.1lavela/phpjasper (PHP):
Affected version(s) =dev-develop <dev-masterFix Suggestion:
Update to version dev-mastercopam/phpjasper7 (PHP):
Affected version(s) >=dev-develop <v1.3Fix Suggestion:
Update to version v1.3smart145/phpjasper (PHP):
Affected version(s) >=3.1.0 <3.3.0Fix Suggestion:
Update to version 3.3.0nealis/jasperphp (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixi4n/phpjasper (PHP):
Affected version(s) =dev-master <1.1.0Fix Suggestion:
Update to version 1.1.0smart145/phpjasper (PHP):
Affected version(s) >=dev-add_franklin_gothic_font <dev-century_gothic_fontFix Suggestion:
Update to version dev-century_gothic_fontdericktan/phpjasper (PHP):
Affected version(s) >=v1.3 <=v1.5.1Fix Suggestion:
Update to version no_fixrdpascua/jasperstarter (PHP):
Affected version(s) >=3.1.0 <3.5.0Fix Suggestion:
Update to version 3.5.0smart145/phpjasper (PHP):
Affected version(s) >=v2.2 <3.0.1Fix Suggestion:
Update to version 3.0.1smart145/phpjasper (PHP):
Affected version(s) =v1.4 <v1.5Fix Suggestion:
Update to version v1.5drsoft/laraveljasper (PHP):
Affected version(s) >=dev-main <=v1.0Fix Suggestion:
Update to version no_fixchrmorandi/yii2-jasper (PHP):
Affected version(s) >=dev-master <v1.1.1Fix Suggestion:
Update to version v1.1.1codelab/flaskphp-identity-mobileid (PHP):
Affected version(s) >=v1.0.29 <=v1.0.44Fix Suggestion:
Update to version no_fixvufind/vufind (PHP):
Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ulFix Suggestion:
Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ulcodelab/flaskphp-identity-mobileid (PHP):
Affected version(s) =dev-master <v1.0.0Fix Suggestion:
Update to version v1.0.0muhammettotan/phpjasper (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixa.ambrogini/phpjasper (PHP):
Affected version(s) >=v1.2 <v2.6Fix Suggestion:
Update to version v2.6codelab/flaskphp-identity-mobileid (PHP):
Affected version(s) =v1.0.18 <v1.0.19Fix Suggestion:
Update to version v1.0.19erw/phpjasperstarter (PHP):
Affected version(s) >=dev-main <=1.0.0Fix Suggestion:
Update to version no_fixdstecnologias/phpjasper (PHP):
Affected version(s) =dev-masterFix Suggestion:
Update to version no_fixdericktan/phpjasper (PHP):
Affected version(s) >=dev-master <v1.2Fix Suggestion:
Update to version v1.2salesfusion/reporter (PHP):
Affected version(s) >=1.0.0 <1.1.4Fix Suggestion:
Update to version 1.1.4geekcom/phpjasper (PHP):
Affected version(s) =dev-master <v1.0Fix Suggestion:
Update to version v1.0minkbear/phpjasper (PHP):
Affected version(s) >=dev-develop <=3.3.1Fix Suggestion:
Update to version no_fixstradaaccellog/phpjasper (PHP):
Affected version(s) >=dev-develop <v1.0Fix Suggestion:
Update to version v1.0pyspark (PYTHON):
Affected version(s) =3.4.1 <3.5.0Fix Suggestion:
Update to version 3.5.0beakerx (PYTHON):
Affected version(s) >=0.3.0.dev0 <=1.4.1Fix Suggestion:
Update to version no_fixnextflow (PYTHON):
Affected version(s) =23.10.0Fix Suggestion:
Update to version no_fixixmp (PYTHON):
Affected version(s) >=2.0.0 <3.6.0Fix Suggestion:
Update to version 3.6.0pyspark (PYTHON):
Affected version(s) >=3.3.0 <3.3.2Fix Suggestion:
Update to version 3.3.2pyreportjasper (PYTHON):
Affected version(s) >=1.0.2 <=2.1.0Fix Suggestion:
Update to version no_fixRelated Resources (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH