jackson-databind <2.13.4: Resource Exhaustion via Deeply Nested Arrays
CVE-2022-42004 Published on October 2, 2022

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2022-42004

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-42004 are published in these products:

FasterXML Jackson Databind

Quarkus

Debian Linux

NetApp Oncommand Workflow Automation

Oracle

Exploit Probability

EPSS

0.26%

Percentile

48.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

jackson-databind <2.13.4: Resource Exhaustion via Deeply Nested ArraysCVE-2022-42004 Published on October 2, 2022

Products Associated with CVE-2022-42004

Exploit Probability

jackson-databind <2.13.4: Resource Exhaustion via Deeply Nested Arrays
CVE-2022-42004 Published on October 2, 2022