Vulnerability — CVE-2022-42003

CVE-2022-42003

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2022-42003
Description:: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
Last updated date:: 12/20/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/04/2022
Reference url to background: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/04/2022
Reference url to background: https://github.com/FasterXML/jackson-databind/issues/3590