CVE-2022-42003
Published
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
General data-binding package for Jackson: works on streaming API (core) implementation(s)
GitHub