Jackson Databind 2.13.4.1 Resource Exhaustion via Deep Wrapper Arrays
CVE-2022-42003 Published on October 2, 2022

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2022-42003

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-42003 are published in these products:

FasterXML Jackson Databind

Quarkus

Debian Linux

NetApp Oncommand Workflow Automation

Oracle

Exploit Probability

EPSS

0.23%

Percentile

46.07%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jackson Databind 2.13.4.1 Resource Exhaustion via Deep Wrapper ArraysCVE-2022-42003 Published on October 2, 2022

Products Associated with CVE-2022-42003

Exploit Probability

Jackson Databind 2.13.4.1 Resource Exhaustion via Deep Wrapper Arrays
CVE-2022-42003 Published on October 2, 2022