JSON deserialization vulnerability allows remote attacker to cause denial of service via maliciously crafted HTTP request
- Gradle Enterprise 2018.5.1 - 2022.3.4
Related CVE ID(s)
Gradle Enterprise uses Jackson Databind to generate and parse JSON data, including parsing JSON HTTP request bodies. In Jackson versions before 2.14.0-rc1, parsing maliciously crafted JSON data may lead to denial of service via resource exhaustion. An attacker can use this vulnerability to cause the Gradle Enterprise server to restart and stop responding to requests for several minutes.
Users should update to Gradle Enterprise 2022.3.5, which is no longer susceptible to these JSON parsing vulnerabilities.