PT-2018-3240 · Fasterxml · Jackson

Published: 2018-12-20 · Updated: 2021-03-18 · CVE-2018-1000873

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Fasterxml Jackson versions prior to 2.9.8

Description: The issue is related to improper input validation in Jackson-Modules-Java8, which can result in a denial of service (DoS) when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in version 2.9.8.

Recommendations: For versions prior to 2.9.8, update to version 2.9.8 or later to resolve the issue. As a temporary workaround, consider restricting the deserialization of time values with large nanoseconds fields to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2019-04401
CVE-2018-1000873
GHSA-H4X4-5QP2-WP46

Affected Products

Jackson