Vulnerability from csaf_suse
Published
2022-05-16 08:19
Modified
2022-05-16 08:19
Summary
Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core
Notes
Title of the patch
Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core
Description of the patch
This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues:
Security issues fixed:
- CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132)
- CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616)
- CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481)
Non security fixes:
jackson-annotations - update from version 2.10.2 to version 2.13.0:
+ Build with source/target levels 8
+ Add 'mvnw' wrapper
+ 'JsonSubType.Type' should accept array of names
+ Jackson version alignment with Gradle 6
+ Add '@JsonIncludeProperties'
+ Add '@JsonTypeInfo(use=DEDUCTION)'
+ Ability to use '@JsonAnyGetter' on fields
+ Add '@JsonKey' annotation
+ Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping
+ Add 'namespace' property for '@JsonProperty' (for XML module)
+ Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue'
+ 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null'
+ Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven
jackson-bom - update from version 2.10.2 to version 2.13.0:
+ Configure moditect plugin with '<jvmVersion>11</jvmVersion>'
+ jackson-bom manages the version of 'junit:junit'
+ Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes)
+ Removed 'jakarta' classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts
(Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers)
+ Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2)
+ Add (beta) version for 'jackson-dataformat-toml'
+ Jakarta 9 artifact versions are missing from jackson-bom
+ Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata)
+ Add default settings for 'build-helper-maven-plugin'
+ Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later)
+ Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+
+ Add missing version for jackson-datatype-eclipse-collections
jackson-core - update from version 2.10.2 to version 2.13.0:
+ Build with source and target levels 8
+ Misleading exception for input source when processing byte buffer with start offset
+ Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()'
+ Add 'StreamWriteException' type to eventually replace 'JsonGenerationException'
+ Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in
'JsonParser'
+ Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()'
+ Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in
'JsonParser'/'JsonGenerator
+ Introduce O(n^1.5) BigDecimal parser implementation
+ ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null
+ UTF32Reader ArrayIndexOutOfBoundsException
+ Improve exception/JsonLocation handling for binary content: don't show content, include byte offset
+ Fix an issue with the TokenFilter unable to ignore properties when deserializing.
+ Optimize array allocation by 'JsonStringEncoder'
+ Add 'mvnw' wrapper
+ (partial) Optimize array allocation by 'JsonStringEncoder'
+ Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers'
(like 'getJsonStringEncoder()')
+ 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)'
+ Allow 'optional-padding' for 'Base64Variant'
+ More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion')
+ Publish Gradle Module Metadata
+ Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.isExpectedNumberIntToken()' convenience method
+ Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering
+ Limit initial allocated block size by 'ByteArrayBuilder' to max block size
+ Add 'JacksonException' as parent class of 'JsonProcessingException'
+ Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public
+ Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead)
+ Full 'LICENSE' included in jar for easier access by compliancy tools
+ Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator'
+ Add a String Array write method in the Streaming API
+ Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber'
+ Add JsonGenerator#writeNumber(char[], int, int) method
+ Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ Optionally allow leading decimal in float tokens
+ Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven
+ Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens
+ Handle case when system property access is restricted
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ DataFormatMatcher#getMatchedFormatName throws NPE when no match exists
+ 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads
jackson-databind - update from version 2.10.5.1 to version 2.13.0:
+ '@JsonValue' with integer for enum does not deserialize correctly
+ 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message
+ Add 'DatabindException' as intermediate subtype of 'JsonMappingException'
+ Jackson does not support deserializing new Java 9 unmodifiable collections
+ Allocate TokenBuffer instance via context objects (to
allow format-specific buffer types)
+ Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper'
+ Add 'DeserializationContext.readTreeAsValue()' methods
for more convenient conversions for deserializers to use
+ Clean up support of typed 'unmodifiable', 'singleton'
Maps/Sets/Collections
+ Extend internal bitfield of 'MapperFeature' to be
'long'
+ Add 'removeMixIn()' method in 'MapperBuilder'
+ Backport 'MapperBuilder' lambda-taking methods:
'withConfigOverride()', 'withCoercionConfig()',
'withCoercionConfigDefaults()'
+ configOverrides(boolean.class) silently ignored,
whereas .configOverride(Boolean.class) works for both
primitives and boxed boolean values
+ Dont track unknown props in buffer if
'ignoreAllUnknown' is true
+ Should allow deserialization of java.time types via
opaque 'JsonToken.VALUE_EMBEDDED_OBJECT'
+ Optimize 'AnnotatedConstructor.call()' case by passing
explicit null
+ Add AnnotationIntrospector.XmlExtensions interface for
decoupling javax dependencies
+ Custom SimpleModule not included in list returned by
ObjectMapper.getRegisteredModuleIds() after registration
+ Use more limiting default visibility settings for JDK
types (java.*, javax.*)
+ Deep merge for 'JsonNode' using 'ObjectReader.readTree()'
+ IllegalArgumentException: Conflicting setter
definitions for property with more than 2 setters
+ Serializing java.lang.Thread fails on JDK 11 and above
+ String-based 'Map' key deserializer is not
deterministic when there is no single arg constructor
+ Add ArrayNode#set(int index, primitive_type value)
+ JsonStreamContext 'currentValue' wrongly references to
'@JsonTypeInfo' annotated object
+ DOM 'Node' serialization omits the default namespace
declaration
+ Support 'suppressed' property when deserializing 'Throwable'
+ 'AnnotatedMember.equals()' does not work reliably
+ Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module
+ For an absent property Jackson injects 'NullNode'
instead of 'null' to a JsonNode-typed constructor argument of
a '@ConstructorProperties'-annotated constructor
+ 'XMLGregorianCalendar' doesn't work with default typing
+ Content 'null' handling not working for root values
+ StdDeserializer rejects blank (all-whitespace) strings
for ints
+ 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with
'DefaultTypeResolverBuilder'
+ Add PropertyNamingStrategies.UpperSnakeCaseStrategy
(and UPPER_SNAKE_CASE constant)
+ StackOverflowError when serializing JsonProcessingException
+ Support for BCP 47 'java.util.Locale' serialization/deserialization
+ String property deserializes null as 'null' for
JsonTypeInfo.As.EXISTING_PROPERTY
+ Can not deserialize json to enum value with
Object-/Array-valued input, '@JsonCreator'
+ Fix to avoid problem with 'BigDecimalNode', scale of
'Integer.MIN_VALUE'
+ Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover
coercion from (Empty) String via 'AsNull'
+ Add 'mvnw' wrapper
+ (regression) Factory method generic type resolution
does not use Class-bound type parameter
+ Deserialization of 'empty' subtype with DEDUCTION failed
+ Merge findInjectableValues() results in
AnnotationIntrospectorPair
+ READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't
work with empty strings
+ 'TypeFactory' cannot convert 'Collection' sub-type
without type parameters to canonical form and back
+ Fix for [modules-java8#207]: prevent fail on secondary Java 8
date/time types
+ EXTERNAL_PROPERTY does not work well with '@JsonCreator'
and 'FAIL_ON_UNKNOWN_PROPERTIES'
+ String property deserializes null as 'null' for
'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Property ignorals cause 'BeanDeserializer 'to forget
how to read from arrays (not copying
'_arrayDelegateDeserializer')
+ UntypedObjectDeserializer' mixes multiple unwrapped
collections (related to #2733)
+ Two cases of incorrect error reporting about
DeserializationFeature
+ Bug in polymorphic deserialization with '@JsonCreator',
'@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Polymorphic subtype deduction ignores 'defaultImpl'
attribute
+ MismatchedInputException: Cannot deserialize instance
of 'com.fasterxml.jackson.databind.node.ObjectNode' out of
VALUE_NULL token
+ Missing override for 'hasAsKey()' in
'AnnotationIntrospectorPair'
+ Creator lookup fails with 'InvalidDefinitionException'
for conflict between single-double/single-Double arg constructor
+ 'MapDeserializer' forcing 'JsonMappingException'
wrapping even if WRAP_EXCEPTIONS set to false
+ Auto-detection of constructor-based creator method
skipped if there is an annotated factory-based creator method
(regression from 2.11)
+ 'ObjectMapper.treeToValue()' no longer invokes
'JsonDeserializer.getNullValue()'
+ DeserializationProblemHandler is not invoked when
trying to deserialize String
+ Fix failing 'double' JsonCreators in jackson 2.12.0
+ Conflicting in POJOPropertiesCollector when having
namingStrategy
+ Breaking API change in 'BasicClassIntrospector' (2.12.0)
+ 'JsonNode.requiredAt()' does NOT fail on some path expressions
+ Exception thrown when 'Collections.synchronizedList()'
is serialized with type info, deserialized
+ Add option to resolve type from multiple existing
properties, '@JsonTypeInfo(use=DEDUCTION)'
+ '@JsonIgnoreProperties' does not prevent Exception
Conflicting getter/setter definitions for property
+ Deserialization Not Working Right with Generic Types and
Builders
+ Add '@JsonIncludeProperties(propertyNames)' (reverse of
'@JsonIgnoreProperties')
+ '@JsonAnyGetter' should be allowed on a field
+ Allow handling of single-arg constructor as property
based by default
+ Allow case insensitive deserialization of String value
into 'boolean'/'Boolean' (esp for Excel)
+ Allow use of '@JsonFormat(with=JsonFormat.Feature
.ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class
+ Abstract class included as part of known type ids for
error message when using JsonSubTypes
+ Distinguish null from empty string for UUID
deserialization
+ 'ReferenceType' does not expose valid containedType
+ Add 'CoercionConfig[s]' mechanism for configuring
allowed coercions
+ 'JsonProperty.Access.READ_ONLY' does not work with
'getter-as-setter' 'Collection's
+ Support 'BigInteger' and 'BigDecimal' creators in
'StdValueInstantiator'
+ 'JsonProperty.Access.READ_ONLY' fails with collections
when a property name is specified
+ 'BigDecimal' precision not retained for polymorphic
deserialization
+ Support use of 'Void' valued properties
('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES')
+ Explicitly fail (de)serialization of 'java.time.*'
types in absence of registered custom (de)serializers
+ Improve description included in by
'DeserializationContext.handleUnexpectedToken()'
+ Support for JDK 14 record types ('java.lang.Record')
+ 'PropertyNamingStrategy' class initialization depends
on its subclass, this can lead to class loading deadlock
+ 'FAIL_ON_IGNORED_PROPERTIES' does not throw on
'READONLY' properties with an explicit name
+ Add Gradle Module Metadata for version alignment with
Gradle 6
+ Allow 'JsonNode' auto-convert into 'ArrayNode' if
duplicates found (for XML)
+ Allow values of 'untyped' auto-convert into 'List' if
duplicates found (for XML)
+ Add 'ValueInstantiator.createContextual(...)
+ Support multiple names in 'JsonSubType.Type'
+ Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic
deserialization of Enums
+ Explicitly fail (de)serialization of 'org.joda.time.*'
types in absence of registered custom (de)serializers
+ Trailing zeros are stripped when deserializing
BigDecimal values inside a @JsonUnwrapped property
+ Extract getter/setter/field name mangling from
'BeanUtil' into pluggable 'AccessorNamingStrategy'
+ Throw 'InvalidFormatException' instead of
'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion
failures
+ Add '@JsonKey' annotation (similar to '@JsonValue') for
customizable serialization of Map keys
+ 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should
work for enum as keys
+ Add support for disabling special handling of 'Creator
properties' wrt alphabetic property ordering
+ Add 'JsonNode.canConvertToExactIntegral()' to indicate
whether floating-point/BigDecimal values could be converted to
integers losslessly
+ Improve static factory method generic type resolution
logic
+ Allow preventing 'Enum from integer' coercion using new
'CoercionConfig' system
+ '@JsonValue' not considered when evaluating inclusion
+ Make some java platform modules optional
+ Add support for serializing 'java.sql.Blob'
+ 'AnnotatedCreatorCollector' should avoid processing
synthetic static (factory) methods
+ Add errorprone static analysis profile to detect bugs at build time
+ Problem with implicit creator name detection for constructor detection
+ Add 'BeanDeserializerBase.isCaseInsensitive()'
+ Refactoring of 'CollectionDeserializer' to solve CSV array handling issues
+ Full 'LICENSE' included in jar for easier access by compliancy tools
+ Fix type resolution for static methods (regression in 2.11.3)
+ '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo',
'PropertyGenerator'
+ Add debug improvements about 'ClassUtil.getClassMethods()'
+ Cannot detect creator arguments of mixins for JDK types
+ Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer')
+ Json serialization fails or a specific case that
contains generics and static methods with generic parameters
(2.11.1 -> 2.11.2 regression)
+ 'ObjectMapper.activateDefaultTypingAsProperty()' is not
using parameter 'PolymorphicTypeValidator'
+ Problem deserialization 'raw generic' fields
(like 'Map') in 2.11.2
+ Fix issues with 'MapLikeType.isTrueMapType()',
'CollectionLikeType.isTrueCollectionType()'
+ Parser/Generator features not set when using
'ObjectMapper.createParser()', 'createGenerator()'
+ Polymorphic subtypes not registering on copied
ObjectMapper (2.11.1)
+ Failure to read AnnotatedField value in Jackson 2.11
+ 'TypeFactory.constructType()' does not take
'TypeBindings' correctly
+ Builder Deserialization with JsonCreator Value vs Array
+ JsonCreator on static method in Enum and Enum used as
key in map fails randomly
+ 'StdSubtypeResolver' is not thread safe (possibly due
to copy not being made with 'ObjectMapper.copy()')
+ 'Conflicting setter definitions for property' exception
for 'Map' subtype during deserialization
+ Fail to deserialize local Records
+ Rearranging of props when property-based generator is
in use leads to incorrect output
+ Jackson doesn't respect
'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer
properties
+ 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS'
don't support 'Map' type field
+ JsonParser from MismatchedInputException cannot
getText() for floating-point value
+ i-I case conversion problem in Turkish locale with
case-insensitive deserialization
+ '@JsonInject' fails on trying to find deserializer even
if inject-only
+ Polymorphic deserialization should handle
case-insensitive Type Id property name if
'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled
+ TreeTraversingParser and UTF8StreamJsonParser create
contexts differently
+ Support use of '@JsonAlias' for enum values
+ 'declaringClass' of 'enum-as-POJO' not removed for
'ObjectMapper' with a naming strategy
+ Fix 'JavaType.isEnumType()' to support sub-classes
+ BeanDeserializerBuilder Protected Factory Method for Extension
+ Support '@JsonSerialize(keyUsing)' and
'@JsonDeserialize(keyUsing)' on Key class
+ Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL'
+ 'ObjectMapper.registerSubtypes(NamedType...)' doesn't
allow registering same POJO for two different type ids
+ 'DeserializationContext.handleMissingInstantiator()'
throws 'MismatchedInputException' for non-static inner classes
+ Incorrect 'JsonStreamContext' for 'TokenBuffer' and
'TreeTraversingParser'
+ Add 'AnnotationIntrospector.findRenameByField()' to
support Kotlin's 'is-getter' naming convention
+ Use '@JsonProperty(index)' for sorting properties on
serialization
+ Java 8 'Optional' not working with '@JsonUnwrapped' on
unwrappable type
+ Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES'
to allow blocking use of unsafe base type for polymorphic
deserialization
+ 'ObjectMapper.setSerializationInclusion()' is ignored
for 'JsonAnyGetter'
+ 'ValueInstantiationException' when deserializing using
a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS'
+ JsonIgnoreProperties(ignoreUnknown = true) does not
work on field and method level
+ Failure to resolve generic type parameters on
serialization
+ JsonParser cannot getText() for input stream on
MismatchedInputException
+ ObjectReader readValue lacks Class<T> argument
+ Change default textual serialization of
'java.util.Date'/'Calendar' to include colon in timezone
offset
+ Add 'ObjectMapper.createParser()' and 'createGenerator()' methods
+ Allow serialization of 'Properties' with non-String values
+ Add new factory method for creating custom 'EnumValues'
to pass to 'EnumDeserializer
+ 'IllegalArgumentException' thrown for mismatched
subclass deserialization
+ Add convenience methods for creating 'List', 'Map'
valued 'ObjectReader's (ObjectMapper.readerForListOf())
+ 'SerializerProvider.findContentValueSerializer()' methods
jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0:
+ (cbor) Should validate UTF-8 multi-byte validity for short decode path too
+ (ion) Deprecate 'CloseSafeUTF8Writer', remove use
+ (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient
handling of broken Unicode surrogate pairs on writing
+ (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule'
for native ser/deser
+ Support base64 strings in 'getBinaryValue()' for CBOR and Smile
+ (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (avro) Generate logicalType switch
+ (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (ion) 'jackson-dataformat-ion' does not handle
null.struct deserialization correctly
+ 'Ion-java' dep 1.4.0 -> 1.8.0
+ Minor change to Ion module registration names (fully-qualified)
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)
+ (smile) Uncaught validation problem wrt Smile 'BigDecimal' type
+ (smile) ArrayIndexOutOfBoundsException for malformed Smile header
+ (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads
+ (cbor) CBORParser need to validate zero-length byte[] for BigInteger
+ (smile) Handle invalid chunked-binary-format length gracefully
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded)
+ (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue()
+ (smile) Handle sequence of Smile header markers without recursion
+ (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary)
+ (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids
when upgrading from 2.8
+ (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String
+ (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array)
+ (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer'
+ (ion) Add support for generating IonSexps
+ (ion) Add support for deserializing IonTimestamps and IonBlobs
+ (ion) Add 'IonObjectMapper.builderForBinaryWriters()' /
'.builderforTextualWriters()' convenience methods
+ (ion) Enabling pretty-printing fails Ion serialization
+ (ion) Allow disabling native type ids in IonMapper
+ (smile) Small bug in byte-alignment for long field names
in Smile, symbol table reuse
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (ion) Optimize 'IonParser.getNumberType()' using
'IonReader.getIntegerSize()'
+ (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING'
for lenient handling of Unicode surrogate pairs on writing
+ (cbor) Add support for decoding unassigned 'simple
values' (type 7)
+ Add Gradle Module Metadata
(https://blog.gradle.org/alignment-with-gradle-module-metadata)
+ (avro) Cache record names to avoid hitting class loader
+ (avro) Avro null deserialization
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to
support binary writes, fix 'java.util.UUID' representation
+ (ion) Allow 'IonObjectMapper' with class name annotation
introspector to deserialize generic subtypes
+ Remove dependencies upon Jackson 1.X and Avro's
JacksonUtils
+ 'jackson-databind' should not be full dependency for
(cbor, protobuf, smile) modules
+ 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not
write most compact form for all integers
+ 'AvroGenerator' overrides 'getOutputContext()' properly
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Fix schema evolution involving maps of non-scalar
+ (protobuf) Parsing a protobuf message doesn't properly skip unknown fields
+ (ion) IonObjectMapper close()s the provided IonWriter unnecessarily
+ ion-java dependency 1.4.0 -> 1.5.1
Patchnames
SUSE-2022-1678,SUSE-SLE-Module-Basesystem-15-SP3-2022-1678,SUSE-SLE-Module-Basesystem-15-SP4-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP3-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP4-2022-1678,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-1678,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1678,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-RT-15-SP2-2022-1678,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1678,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1678,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1678,SUSE-Storage-7-2022-1678,openSUSE-SLE-15.3-2022-1678,openSUSE-SLE-15.4-2022-1678
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core", title: "Title of the patch", }, { category: "description", text: "This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132)\n- CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616)\n- CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481)\n\nNon security fixes:\n\njackson-annotations - update from version 2.10.2 to version 2.13.0:\n\n + Build with source/target levels 8\n + Add 'mvnw' wrapper\n + 'JsonSubType.Type' should accept array of names\n + Jackson version alignment with Gradle 6\n + Add '@JsonIncludeProperties'\n + Add '@JsonTypeInfo(use=DEDUCTION)'\n + Ability to use '@JsonAnyGetter' on fields\n + Add '@JsonKey' annotation\n + Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping\n + Add 'namespace' property for '@JsonProperty' (for XML module)\n + Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue'\n + 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null'\n + Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven\n\njackson-bom - update from version 2.10.2 to version 2.13.0:\n\n + Configure moditect plugin with '<jvmVersion>11</jvmVersion>'\n + jackson-bom manages the version of 'junit:junit'\n + Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes)\n + Removed 'jakarta' classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts\n (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers)\n + Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2)\n + Add (beta) version for 'jackson-dataformat-toml'\n + Jakarta 9 artifact versions are missing from jackson-bom\n + Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata)\n + Add default settings for 'build-helper-maven-plugin'\n + Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later)\n + Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+\n + Add missing version for jackson-datatype-eclipse-collections\n \njackson-core - update from version 2.10.2 to version 2.13.0:\n\n + Build with source and target levels 8\n + Misleading exception for input source when processing byte buffer with start offset\n + Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()'\n + Add 'StreamWriteException' type to eventually replace 'JsonGenerationException'\n + Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in \n 'JsonParser'\n + Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()'\n + Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in \n 'JsonParser'/'JsonGenerator\n + Introduce O(n^1.5) BigDecimal parser implementation\n + ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null\n + UTF32Reader ArrayIndexOutOfBoundsException\n + Improve exception/JsonLocation handling for binary content: don't show content, include byte offset\n + Fix an issue with the TokenFilter unable to ignore properties when deserializing.\n + Optimize array allocation by 'JsonStringEncoder'\n + Add 'mvnw' wrapper\n + (partial) Optimize array allocation by 'JsonStringEncoder'\n + Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers' \n (like 'getJsonStringEncoder()')\n + 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)'\n + Allow 'optional-padding' for 'Base64Variant'\n + More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion')\n + Publish Gradle Module Metadata\n + Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements\n + Add 'JsonParser.isExpectedNumberIntToken()' convenience method\n + Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements\n + Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering\n + Limit initial allocated block size by 'ByteArrayBuilder' to max block size\n + Add 'JacksonException' as parent class of 'JsonProcessingException'\n + Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public\n + Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead)\n + Full 'LICENSE' included in jar for easier access by compliancy tools\n + Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator'\n + Add a String Array write method in the Streaming API\n + Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber'\n + Add JsonGenerator#writeNumber(char[], int, int) method\n + Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called\n + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'\n + Optionally allow leading decimal in float tokens\n + Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven\n + Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens\n + Handle case when system property access is restricted\n + 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'\n + DataFormatMatcher#getMatchedFormatName throws NPE when no match exists\n + 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads \n\njackson-databind - update from version 2.10.5.1 to version 2.13.0:\n\n + '@JsonValue' with integer for enum does not deserialize correctly\n + 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message\n + Add 'DatabindException' as intermediate subtype of 'JsonMappingException'\n + Jackson does not support deserializing new Java 9 unmodifiable collections\n + Allocate TokenBuffer instance via context objects (to\n allow format-specific buffer types)\n + Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper'\n + Add 'DeserializationContext.readTreeAsValue()' methods\n for more convenient conversions for deserializers to use\n + Clean up support of typed 'unmodifiable', 'singleton'\n Maps/Sets/Collections\n + Extend internal bitfield of 'MapperFeature' to be\n 'long'\n + Add 'removeMixIn()' method in 'MapperBuilder'\n + Backport 'MapperBuilder' lambda-taking methods:\n 'withConfigOverride()', 'withCoercionConfig()',\n 'withCoercionConfigDefaults()'\n + configOverrides(boolean.class) silently ignored,\n whereas .configOverride(Boolean.class) works for both\n primitives and boxed boolean values\n + Dont track unknown props in buffer if\n 'ignoreAllUnknown' is true\n + Should allow deserialization of java.time types via\n opaque 'JsonToken.VALUE_EMBEDDED_OBJECT'\n + Optimize 'AnnotatedConstructor.call()' case by passing\n explicit null\n + Add AnnotationIntrospector.XmlExtensions interface for\n decoupling javax dependencies\n + Custom SimpleModule not included in list returned by\n ObjectMapper.getRegisteredModuleIds() after registration\n + Use more limiting default visibility settings for JDK\n types (java.*, javax.*)\n + Deep merge for 'JsonNode' using 'ObjectReader.readTree()'\n + IllegalArgumentException: Conflicting setter\n definitions for property with more than 2 setters\n + Serializing java.lang.Thread fails on JDK 11 and above\n + String-based 'Map' key deserializer is not\n deterministic when there is no single arg constructor\n + Add ArrayNode#set(int index, primitive_type value)\n + JsonStreamContext 'currentValue' wrongly references to\n '@JsonTypeInfo' annotated object\n + DOM 'Node' serialization omits the default namespace\n declaration\n + Support 'suppressed' property when deserializing 'Throwable'\n + 'AnnotatedMember.equals()' does not work reliably\n + Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module\n + For an absent property Jackson injects 'NullNode'\n instead of 'null' to a JsonNode-typed constructor argument of\n a '@ConstructorProperties'-annotated constructor\n + 'XMLGregorianCalendar' doesn't work with default typing\n + Content 'null' handling not working for root values\n + StdDeserializer rejects blank (all-whitespace) strings\n for ints\n + 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with\n 'DefaultTypeResolverBuilder'\n + Add PropertyNamingStrategies.UpperSnakeCaseStrategy\n (and UPPER_SNAKE_CASE constant)\n + StackOverflowError when serializing JsonProcessingException\n + Support for BCP 47 'java.util.Locale' serialization/deserialization\n + String property deserializes null as 'null' for\n JsonTypeInfo.As.EXISTING_PROPERTY\n + Can not deserialize json to enum value with\n Object-/Array-valued input, '@JsonCreator'\n + Fix to avoid problem with 'BigDecimalNode', scale of\n 'Integer.MIN_VALUE'\n + Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover\n coercion from (Empty) String via 'AsNull'\n + Add 'mvnw' wrapper\n + (regression) Factory method generic type resolution\n does not use Class-bound type parameter\n + Deserialization of 'empty' subtype with DEDUCTION failed\n + Merge findInjectableValues() results in\n AnnotationIntrospectorPair\n + READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't\n work with empty strings\n + 'TypeFactory' cannot convert 'Collection' sub-type\n without type parameters to canonical form and back\n + Fix for [modules-java8#207]: prevent fail on secondary Java 8\n date/time types\n + EXTERNAL_PROPERTY does not work well with '@JsonCreator'\n and 'FAIL_ON_UNKNOWN_PROPERTIES'\n + String property deserializes null as 'null' for\n 'JsonTypeInfo.As.EXTERNAL_PROPERTY'\n + Property ignorals cause 'BeanDeserializer 'to forget\n how to read from arrays (not copying\n '_arrayDelegateDeserializer')\n + UntypedObjectDeserializer' mixes multiple unwrapped\n collections (related to #2733)\n + Two cases of incorrect error reporting about\n DeserializationFeature\n + Bug in polymorphic deserialization with '@JsonCreator',\n '@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY'\n + Polymorphic subtype deduction ignores 'defaultImpl'\n attribute\n + MismatchedInputException: Cannot deserialize instance\n of 'com.fasterxml.jackson.databind.node.ObjectNode' out of\n VALUE_NULL token\n + Missing override for 'hasAsKey()' in\n 'AnnotationIntrospectorPair'\n + Creator lookup fails with 'InvalidDefinitionException'\n for conflict between single-double/single-Double arg constructor\n + 'MapDeserializer' forcing 'JsonMappingException'\n wrapping even if WRAP_EXCEPTIONS set to false\n + Auto-detection of constructor-based creator method\n skipped if there is an annotated factory-based creator method\n (regression from 2.11)\n + 'ObjectMapper.treeToValue()' no longer invokes\n 'JsonDeserializer.getNullValue()'\n + DeserializationProblemHandler is not invoked when\n trying to deserialize String\n + Fix failing 'double' JsonCreators in jackson 2.12.0\n + Conflicting in POJOPropertiesCollector when having\n namingStrategy\n + Breaking API change in 'BasicClassIntrospector' (2.12.0)\n + 'JsonNode.requiredAt()' does NOT fail on some path expressions\n + Exception thrown when 'Collections.synchronizedList()'\n is serialized with type info, deserialized\n + Add option to resolve type from multiple existing\n properties, '@JsonTypeInfo(use=DEDUCTION)'\n + '@JsonIgnoreProperties' does not prevent Exception\n Conflicting getter/setter definitions for property\n + Deserialization Not Working Right with Generic Types and\n Builders\n + Add '@JsonIncludeProperties(propertyNames)' (reverse of\n '@JsonIgnoreProperties')\n + '@JsonAnyGetter' should be allowed on a field\n + Allow handling of single-arg constructor as property\n based by default\n + Allow case insensitive deserialization of String value\n into 'boolean'/'Boolean' (esp for Excel)\n + Allow use of '@JsonFormat(with=JsonFormat.Feature\n .ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class\n + Abstract class included as part of known type ids for\n error message when using JsonSubTypes\n + Distinguish null from empty string for UUID\n deserialization\n + 'ReferenceType' does not expose valid containedType\n + Add 'CoercionConfig[s]' mechanism for configuring\n allowed coercions\n + 'JsonProperty.Access.READ_ONLY' does not work with\n 'getter-as-setter' 'Collection's\n + Support 'BigInteger' and 'BigDecimal' creators in\n 'StdValueInstantiator'\n + 'JsonProperty.Access.READ_ONLY' fails with collections\n when a property name is specified\n + 'BigDecimal' precision not retained for polymorphic\n deserialization\n + Support use of 'Void' valued properties\n ('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES')\n + Explicitly fail (de)serialization of 'java.time.*'\n types in absence of registered custom (de)serializers\n + Improve description included in by\n 'DeserializationContext.handleUnexpectedToken()'\n + Support for JDK 14 record types ('java.lang.Record')\n + 'PropertyNamingStrategy' class initialization depends\n on its subclass, this can lead to class loading deadlock\n + 'FAIL_ON_IGNORED_PROPERTIES' does not throw on\n 'READONLY' properties with an explicit name\n + Add Gradle Module Metadata for version alignment with\n Gradle 6\n + Allow 'JsonNode' auto-convert into 'ArrayNode' if\n duplicates found (for XML)\n + Allow values of 'untyped' auto-convert into 'List' if\n duplicates found (for XML)\n + Add 'ValueInstantiator.createContextual(...)\n + Support multiple names in 'JsonSubType.Type'\n + Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic\n deserialization of Enums\n + Explicitly fail (de)serialization of 'org.joda.time.*'\n types in absence of registered custom (de)serializers\n + Trailing zeros are stripped when deserializing\n BigDecimal values inside a @JsonUnwrapped property\n + Extract getter/setter/field name mangling from\n 'BeanUtil' into pluggable 'AccessorNamingStrategy'\n + Throw 'InvalidFormatException' instead of\n 'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion\n failures\n + Add '@JsonKey' annotation (similar to '@JsonValue') for\n customizable serialization of Map keys\n + 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should\n work for enum as keys\n + Add support for disabling special handling of 'Creator\n properties' wrt alphabetic property ordering\n + Add 'JsonNode.canConvertToExactIntegral()' to indicate\n whether floating-point/BigDecimal values could be converted to\n integers losslessly\n + Improve static factory method generic type resolution\n logic\n + Allow preventing 'Enum from integer' coercion using new\n 'CoercionConfig' system\n + '@JsonValue' not considered when evaluating inclusion\n + Make some java platform modules optional\n + Add support for serializing 'java.sql.Blob'\n + 'AnnotatedCreatorCollector' should avoid processing\n synthetic static (factory) methods\n + Add errorprone static analysis profile to detect bugs at build time\n + Problem with implicit creator name detection for constructor detection\n + Add 'BeanDeserializerBase.isCaseInsensitive()'\n + Refactoring of 'CollectionDeserializer' to solve CSV array handling issues\n + Full 'LICENSE' included in jar for easier access by compliancy tools\n + Fix type resolution for static methods (regression in 2.11.3)\n + '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo', \n 'PropertyGenerator'\n + Add debug improvements about 'ClassUtil.getClassMethods()'\n + Cannot detect creator arguments of mixins for JDK types\n + Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer')\n + Json serialization fails or a specific case that\n contains generics and static methods with generic parameters\n (2.11.1 -> 2.11.2 regression)\n + 'ObjectMapper.activateDefaultTypingAsProperty()' is not\n using parameter 'PolymorphicTypeValidator'\n + Problem deserialization 'raw generic' fields\n (like 'Map') in 2.11.2\n + Fix issues with 'MapLikeType.isTrueMapType()',\n 'CollectionLikeType.isTrueCollectionType()'\n + Parser/Generator features not set when using\n 'ObjectMapper.createParser()', 'createGenerator()'\n + Polymorphic subtypes not registering on copied\n ObjectMapper (2.11.1)\n + Failure to read AnnotatedField value in Jackson 2.11\n + 'TypeFactory.constructType()' does not take\n 'TypeBindings' correctly\n + Builder Deserialization with JsonCreator Value vs Array\n + JsonCreator on static method in Enum and Enum used as\n key in map fails randomly\n + 'StdSubtypeResolver' is not thread safe (possibly due\n to copy not being made with 'ObjectMapper.copy()')\n + 'Conflicting setter definitions for property' exception\n for 'Map' subtype during deserialization\n + Fail to deserialize local Records\n + Rearranging of props when property-based generator is\n in use leads to incorrect output\n + Jackson doesn't respect\n 'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer\n properties\n + 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS'\n don't support 'Map' type field\n + JsonParser from MismatchedInputException cannot\n getText() for floating-point value\n + i-I case conversion problem in Turkish locale with\n case-insensitive deserialization\n + '@JsonInject' fails on trying to find deserializer even\n if inject-only\n + Polymorphic deserialization should handle\n case-insensitive Type Id property name if\n 'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled\n + TreeTraversingParser and UTF8StreamJsonParser create\n contexts differently\n + Support use of '@JsonAlias' for enum values\n + 'declaringClass' of 'enum-as-POJO' not removed for\n 'ObjectMapper' with a naming strategy\n + Fix 'JavaType.isEnumType()' to support sub-classes\n + BeanDeserializerBuilder Protected Factory Method for Extension\n + Support '@JsonSerialize(keyUsing)' and\n '@JsonDeserialize(keyUsing)' on Key class\n + Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL'\n + 'ObjectMapper.registerSubtypes(NamedType...)' doesn't\n allow registering same POJO for two different type ids\n + 'DeserializationContext.handleMissingInstantiator()'\n throws 'MismatchedInputException' for non-static inner classes\n + Incorrect 'JsonStreamContext' for 'TokenBuffer' and\n 'TreeTraversingParser'\n + Add 'AnnotationIntrospector.findRenameByField()' to\n support Kotlin's 'is-getter' naming convention\n + Use '@JsonProperty(index)' for sorting properties on\n serialization\n + Java 8 'Optional' not working with '@JsonUnwrapped' on\n unwrappable type\n + Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES'\n to allow blocking use of unsafe base type for polymorphic\n deserialization\n + 'ObjectMapper.setSerializationInclusion()' is ignored\n for 'JsonAnyGetter'\n + 'ValueInstantiationException' when deserializing using\n a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS'\n + JsonIgnoreProperties(ignoreUnknown = true) does not\n work on field and method level\n + Failure to resolve generic type parameters on\n serialization\n + JsonParser cannot getText() for input stream on\n MismatchedInputException\n + ObjectReader readValue lacks Class<T> argument\n + Change default textual serialization of\n 'java.util.Date'/'Calendar' to include colon in timezone\n offset\n + Add 'ObjectMapper.createParser()' and 'createGenerator()' methods\n + Allow serialization of 'Properties' with non-String values\n + Add new factory method for creating custom 'EnumValues'\n to pass to 'EnumDeserializer\n + 'IllegalArgumentException' thrown for mismatched\n subclass deserialization\n + Add convenience methods for creating 'List', 'Map'\n valued 'ObjectReader's (ObjectMapper.readerForListOf())\n + 'SerializerProvider.findContentValueSerializer()' methods\n \njackson-dataformats-binary - update from version 2.10.1 to version 2.13.0:\n \n + (cbor) Should validate UTF-8 multi-byte validity for short decode path too\n + (ion) Deprecate 'CloseSafeUTF8Writer', remove use\n + (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'\n + (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'\n + (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully\n + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)\n + (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)\n + (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient\n handling of broken Unicode surrogate pairs on writing\n + (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule'\n for native ser/deser\n + Support base64 strings in 'getBinaryValue()' for CBOR and Smile\n + (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name\n + (avro) Generate logicalType switch\n + (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name\n + (ion) 'jackson-dataformat-ion' does not handle\n null.struct deserialization correctly\n + 'Ion-java' dep 1.4.0 -> 1.8.0\n + Minor change to Ion module registration names (fully-qualified)\n + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)\n + (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)\n + (smile) Uncaught validation problem wrt Smile 'BigDecimal' type\n + (smile) ArrayIndexOutOfBoundsException for malformed Smile header\n + (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE\n + (smile) Allocate byte[] lazily for longer Smile binary data payloads\n + (cbor) CBORParser need to validate zero-length byte[] for BigInteger\n + (smile) Handle invalid chunked-binary-format length gracefully\n + (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded)\n + (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue()\n + (smile) Handle sequence of Smile header markers without recursion\n + (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary)\n + (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids \n when upgrading from 2.8\n + (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String\n + (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array)\n + (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer'\n + (ion) Add support for generating IonSexps\n + (ion) Add support for deserializing IonTimestamps and IonBlobs\n + (ion) Add 'IonObjectMapper.builderForBinaryWriters()' /\n '.builderforTextualWriters()' convenience methods\n + (ion) Enabling pretty-printing fails Ion serialization\n + (ion) Allow disabling native type ids in IonMapper\n + (smile) Small bug in byte-alignment for long field names\n in Smile, symbol table reuse\n + (ion) Add 'IonFactory.getIonSystem()' accessor\n + (ion) Optimize 'IonParser.getNumberType()' using\n 'IonReader.getIntegerSize()'\n + (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING'\n for lenient handling of Unicode surrogate pairs on writing\n + (cbor) Add support for decoding unassigned 'simple\n values' (type 7)\n + Add Gradle Module Metadata\n (https://blog.gradle.org/alignment-with-gradle-module-metadata)\n + (avro) Cache record names to avoid hitting class loader\n + (avro) Avro null deserialization\n + (ion) Add 'IonFactory.getIonSystem()' accessor\n + (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to\n support binary writes, fix 'java.util.UUID' representation\n + (ion) Allow 'IonObjectMapper' with class name annotation\n introspector to deserialize generic subtypes\n + Remove dependencies upon Jackson 1.X and Avro's\n JacksonUtils\n + 'jackson-databind' should not be full dependency for\n (cbor, protobuf, smile) modules\n + 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not\n write most compact form for all integers\n + 'AvroGenerator' overrides 'getOutputContext()' properly\n + (ion) Add 'IonFactory.getIonSystem()' accessor\n + (avro) Fix schema evolution involving maps of non-scalar\n + (protobuf) Parsing a protobuf message doesn't properly skip unknown fields\n + (ion) IonObjectMapper close()s the provided IonWriter unnecessarily\n + ion-java dependency 1.4.0 -> 1.5.1 \n ", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-1678,SUSE-SLE-Module-Basesystem-15-SP3-2022-1678,SUSE-SLE-Module-Basesystem-15-SP4-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP3-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP4-2022-1678,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-1678,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1678,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-RT-15-SP2-2022-1678,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1678,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1678,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1678,SUSE-Storage-7-2022-1678,openSUSE-SLE-15.3-2022-1678,openSUSE-SLE-15.4-2022-1678", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1678-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:1678-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20221678-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:1678-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011022.html", }, { category: "self", summary: "SUSE Bug 1177616", url: "https://bugzilla.suse.com/1177616", }, { category: "self", summary: "SUSE Bug 1182481", url: "https://bugzilla.suse.com/1182481", }, { category: "self", summary: "SUSE Bug 1197132", url: "https://bugzilla.suse.com/1197132", }, { category: "self", summary: "SUSE CVE CVE-2020-25649 page", url: "https://www.suse.com/security/cve/CVE-2020-25649/", }, { category: "self", summary: "SUSE CVE CVE-2020-28491 page", url: "https://www.suse.com/security/cve/CVE-2020-28491/", }, { category: "self", summary: "SUSE CVE CVE-2020-36518 page", url: "https://www.suse.com/security/cve/CVE-2020-36518/", }, ], title: "Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core", tracking: { current_release_date: "2022-05-16T08:19:25Z", generator: { date: "2022-05-16T08:19:25Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:1678-1", initial_release_date: "2022-05-16T08:19:25Z", revision_history: [ { date: "2022-05-16T08:19:25Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "jackson-annotations-2.13.0-150200.3.6.1.noarch", product: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch", product_id: "jackson-annotations-2.13.0-150200.3.6.1.noarch", }, }, { category: "product_version", name: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", product: { name: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", product_id: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", }, }, { category: "product_version", name: "jackson-bom-2.13.0-150200.3.3.1.noarch", product: { name: "jackson-bom-2.13.0-150200.3.3.1.noarch", product_id: "jackson-bom-2.13.0-150200.3.3.1.noarch", }, }, { category: "product_version", name: "jackson-core-2.13.0-150200.3.6.1.noarch", product: { name: "jackson-core-2.13.0-150200.3.6.1.noarch", product_id: "jackson-core-2.13.0-150200.3.6.1.noarch", }, }, { category: "product_version", name: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", product: { name: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", product_id: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", }, }, { category: "product_version", name: "jackson-databind-2.13.0-150200.3.9.1.noarch", product: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch", product_id: "jackson-databind-2.13.0-150200.3.9.1.noarch", }, }, { category: "product_version", name: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", product: { name: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", product_id: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", }, }, { category: "product_version", name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", product: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", product_id: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, }, { category: "product_version", name: "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", product: { name: "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", product_id: "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", }, }, { category: "product_version", name: "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", product: { name: "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", product_id: "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", }, }, { category: "product_version", name: "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", product: { name: "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", product_id: "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Real Time 15 SP2", product: { name: "SUSE Linux Enterprise Real Time 15 SP2", product_id: "SUSE Linux Enterprise Real Time 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sle_rt:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles_bcl:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 4.1", product: { name: "SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.1", }, }, }, { category: "product_name", name: "SUSE Manager Retail Branch Server 4.1", product: { name: "SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-retail-branch-server:4.1", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.1", product: { name: "SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.1", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7", product: { name: "SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7", product_identification_helper: { cpe: "cpe:/o:suse:ses:7", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP4", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP3", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP2", product_id: "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP2", product_id: "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP2", product_id: "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Real Time 15 SP2", product_id: "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-bom-2.13.0-150200.3.3.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", }, product_reference: "jackson-bom-2.13.0-150200.3.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-bom-2.13.0-150200.3.3.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", }, product_reference: "jackson-bom-2.13.0-150200.3.3.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-core-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", }, product_reference: "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", }, product_reference: "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", }, product_reference: "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2020-25649", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-25649", }, ], notes: [ { category: "general", text: "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-25649", url: "https://www.suse.com/security/cve/CVE-2020-25649", }, { category: "external", summary: "SUSE Bug 1177616 for CVE-2020-25649", url: "https://bugzilla.suse.com/1177616", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, ], threats: [ { category: "impact", date: "2022-05-16T08:19:25Z", details: "moderate", }, ], title: "CVE-2020-25649", }, { cve: "CVE-2020-28491", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-28491", }, ], notes: [ { category: "general", text: "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-28491", url: "https://www.suse.com/security/cve/CVE-2020-28491", }, { category: "external", summary: "SUSE Bug 1182481 for CVE-2020-28491", url: "https://bugzilla.suse.com/1182481", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, ], threats: [ { category: "impact", date: "2022-05-16T08:19:25Z", details: "important", }, ], title: "CVE-2020-28491", }, { cve: "CVE-2020-36518", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-36518", }, ], notes: [ { category: "general", text: "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-36518", url: "https://www.suse.com/security/cve/CVE-2020-36518", }, { category: "external", summary: "SUSE Bug 1197132 for CVE-2020-36518", url: "https://bugzilla.suse.com/1197132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch", "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch", "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch", "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch", "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch", "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch", "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch", ], }, ], threats: [ { category: "impact", date: "2022-05-16T08:19:25Z", details: "important", }, ], title: "CVE-2020-36518", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.