National Cyber Warfare Foundation (NCWF) Forums


CVE-2022-42004


0 user ratings
2022-10-02 10:15:56
milo
CVEs
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

CVE-2022-42004
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42004
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
2022-10-02T05:15:09Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42004


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
CVEs



© Copyright 2012 through 2022 - National Cyber War Foundation - All rights reserved worldwide.