[ https://issues.apache.org/jira/browse/CASSANDRA-20617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
C. Scott Andreas updated CASSANDRA-20617:
-----------------------------------------
    Resolution: Not A Bug
        Status: Resolved  (was: Triage Needed)

It is the role of the database to store and retrieve data provided by an authenticated client. Resource consumption due to a large numeric type is not a security vulnerability.

> BDSA-2022-4307 vulnerability is reported by BluckDuck scan in
> apache-cassandra/lib/jackson-core-2.13.2.jar Cassandra5.0.2
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-20617
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-20617
>             Project: Apache Cassandra
>          Issue Type: Bug
>            Reporter: Kapil Shewate
>            Priority: Normal
>
> FasterXML Jackson Core does not restrict the size of certain numeric types. A
> remote attacker able to supply specially crafted serialized data to an
> application that deserializes it, could cause excessive resource consumption
> resulting in a denial-of-service (DoS).