WS-2018-0125 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0125

WS-2018-0125

Published:May 19, 2026

Updated:May 19, 2026

OutOfMemoryError when writing BigDecimal In Jackson Core before version 2.7.7. When enabled the WRITE_BIGDECIMAL_AS_PLAIN setting, Jackson will attempt to write out the whole number, no matter how large the exponent.

Affected Packages

beakerx (CONDA):

Affected version(s) >=0.12.2 <=1.4.1

Fix Suggestion:

Update to version no_fix

wdltool (CONDA):

Affected version(s) >=0.6 <=0.14

Fix Suggestion:

Update to version no_fix

flapjack (CONDA):

Affected version(s) >=1.16.10.31 <=1.20.10.07

Fix Suggestion:

Update to version no_fix

pyspark (CONDA):

Affected version(s) >=2.1.0 <3.0.0

Fix Suggestion:

Update to version 3.0.0

r-awr (CONDA):

Affected version(s) =1.11.189 <1.11.189_1

Fix Suggestion:

Update to version 1.11.189_1

pepquery (CONDA):

Affected version(s) >=1.3.0 <2.0.2

Fix Suggestion:

Update to version 2.0.2

nextflow (CONDA):

Affected version(s) =0.31.1 <0.32.0

Fix Suggestion:

Update to version 0.32.0

openrefine (CONDA):

Affected version(s) =2.7 <3.4

Fix Suggestion:

Update to version 3.4

beakerx (CONDA):

Affected version(s) >=0.3.0.dev0 <0.12.0

Fix Suggestion:

Update to version 0.12.0

mpa-portable (CONDA):

Affected version(s) =1.4.1 <1.9.0

Fix Suggestion:

Update to version 1.9.0

cromwell (CONDA):

Affected version(s) >=0.19.4 <0.30

Fix Suggestion:

Update to version 0.30

pepgenome (CONDA):

Affected version(s) =1.1.beta

Fix Suggestion:

Update to version no_fix

nextflow (CONDA):

Affected version(s) >=0.27.0 <0.31.0

Fix Suggestion:

Update to version 0.31.0

nextflow (CONDA):

Affected version(s) >=19.01.0 <21.04.0

Fix Suggestion:

Update to version 21.04.0

oraclenosqldriver (NUGET):

Affected version(s) >=12.4.5 <=12.4.5.4

Fix Suggestion:

Update to version no_fix

jetbrains.rider.frontend4 (NUGET):

Affected version(s) =202.0.20201215.161733 <202.0.20200820.182208

Fix Suggestion:

Update to version 202.0.20200820.182208

oracle.kv.client (NUGET):

Affected version(s) =12.4.20170407 <12.4.1

Fix Suggestion:

Update to version 12.4.1

vufind/vufind (PHP):

Affected version(s) =dev-legacy/jquerymobile <dev-legacy/mink-autoretry

Fix Suggestion:

Update to version dev-legacy/mink-autoretry

stesabvba/horizon (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

ziack/jasperphp (PHP):

Affected version(s) =dev-development <dev-master

Fix Suggestion:

Update to version dev-master

xidmonx/jasperphp (PHP):

Affected version(s) >=dev-allow-string-parameters <2.7.0

Fix Suggestion:

Update to version 2.7.0

i4n/phpjasper (PHP):

Affected version(s) =dev-master <1.1.0

Fix Suggestion:

Update to version 1.1.0

fazo96/jasperphp (PHP):

Affected version(s) >=v1.0.0 <=v2.3.0

Fix Suggestion:

Update to version no_fix

a.ambrogini/phpjasper (PHP):

Affected version(s) >=v2.7 <=2.8

Fix Suggestion:

Update to version no_fix

copam/phpjasper (PHP):

Affected version(s) >=v1.0 <1.4

Fix Suggestion:

Update to version 1.4

eihen/jasperstarter-bin (PHP):

Affected version(s) >=v3.2.1.0 <v3.4.1.0

Fix Suggestion:

Update to version v3.4.1.0

chrmorandi/yii2-jasper (PHP):

Affected version(s) >=dev-master <v1.1.1

Fix Suggestion:

Update to version v1.1.1

smart145/phpjasper (PHP):

Affected version(s) >=v1.6 <v1.8

Fix Suggestion:

Update to version v1.8

a.ambrogini/phpjasper (PHP):

Affected version(s) >=dev-develop <v1.1

Fix Suggestion:

Update to version v1.1

a.ambrogini/phpjasper (PHP):

Affected version(s) >=v1.2 <v2.6

Fix Suggestion:

Update to version v2.6

minkbear/phpjasper (PHP):

Affected version(s) >=v1.0 <3.0.0

Fix Suggestion:

Update to version 3.0.0

copam/phpjasper7 (PHP):

Affected version(s) >=v1.0 <v1.3

Fix Suggestion:

Update to version v1.3

cossou/jasperphp (PHP):

Affected version(s) >=dev-allow-string-parameters <=dev-pr/79

Fix Suggestion:

Update to version no_fix

smart145/phpjasper (PHP):

Affected version(s) >=v2.2 <3.0.0

Fix Suggestion:

Update to version 3.0.0

rdpascua/jasperstarter (PHP):

Affected version(s) >=3.1.0 <3.5.0

Fix Suggestion:

Update to version 3.5.0

dericktan/phpjasper (PHP):

Affected version(s) >=dev-master <v1.2

Fix Suggestion:

Update to version v1.2

smart145/phpjasper (PHP):

Affected version(s) =v1.16 <2.0

Fix Suggestion:

Update to version 2.0

vufind/vufind (PHP):

Affected version(s) >=dev-release-3.0 <v3.1

Fix Suggestion:

Update to version v3.1

ziack/jasperphp (PHP):

Affected version(s) =dev-pr/79

Fix Suggestion:

Update to version no_fix

starkliew/jasperphp (PHP):

Affected version(s) >=dev-development <=v2.4.0

Fix Suggestion:

Update to version no_fix

salesfusion/reporter (PHP):

Affected version(s) >=1.0.0 <1.1.4

Fix Suggestion:

Update to version 1.1.4

smart145/phpjasper (PHP):

Affected version(s) =v1.10 <v1.11

Fix Suggestion:

Update to version v1.11

dericktan/phpjasper (PHP):

Affected version(s) >=v1.3 <=v1.5.1

Fix Suggestion:

Update to version no_fix

siu-toba/jasper (PHP):

Affected version(s) >=v5.6 <=v5.6.2

Fix Suggestion:

Update to version no_fix

smart145/phpjasper (PHP):

Affected version(s) =v1.4 <v1.5

Fix Suggestion:

Update to version v1.5

copam/phpjasper (PHP):

Affected version(s) =v1.4 <v1.5

Fix Suggestion:

Update to version v1.5

geekcom/phpjasper-laravel (PHP):

Affected version(s) >=v1.0 <=v1.1

Fix Suggestion:

Update to version no_fix

davidecaruso/jasper-php (PHP):

Affected version(s) >=dev-develop <v1.0.0

Fix Suggestion:

Update to version v1.0.0

nealis/jasperphp (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

smart145/phpjasper (PHP):

Affected version(s) =v1.0 <v1.1

Fix Suggestion:

Update to version v1.1

copam/phpjasper7 (PHP):

Affected version(s) =dev-develop <dev-master

Fix Suggestion:

Update to version dev-master

lavela/phpjasper (PHP):

Affected version(s) =dev-develop <dev-master

Fix Suggestion:

Update to version dev-master

vufind/vufind (PHP):

Affected version(s) =dev-feature/foundation5 <dev-release-5.0

Fix Suggestion:

Update to version dev-release-5.0

davidecaruso/jasper-php (PHP):

Affected version(s) =v1.0.2

Fix Suggestion:

Update to version no_fix

ziack/jasperphp (PHP):

Affected version(s) >=v1.0.0 <2.8.0

Fix Suggestion:

Update to version 2.8.0

vufind/vufind (PHP):

Affected version(s) =dev-legacy/vudl <dev-pullrequest_accessib_turn-my-account-menu-into-ul

Fix Suggestion:

Update to version dev-pullrequest_accessib_turn-my-account-menu-into-ul

lavela/phpjasper (PHP):

Affected version(s) >=v1.3 <v2.0

Fix Suggestion:

Update to version v2.0

lopezsoft/jasperphp (PHP):

Affected version(s) >=dev-main <v2.9.3

Fix Suggestion:

Update to version v2.9.3

beakerx (PYTHON):

Affected version(s) >=0.12.2 <=1.4.1

Fix Suggestion:

Update to version no_fix

beakerx (PYTHON):

Affected version(s) >=0.3.0.dev0 <0.12.0

Fix Suggestion:

Update to version 0.12.0

Related Resources (2)

https://github.com/FasterXML/jackson-core/commit/96642978dcf1b69cba68ec72cb2f652d59a8b5be

https://github.com/FasterXML/jackson-core/issues/315

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

NONE

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW