CVE-2020-36518
Published
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
1
PROJECT
Description
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
General data-binding package for Jackson: works on streaming API (core) implementation(s)
GitHub