Deeply nested json in jackson-databind
High severity
GitHub Reviewed
Published
Mar 12, 2022
to the GitHub Advisory Database
•
Updated Mar 15, 2024
Package
Affected versions
>= 2.13.0, <= 2.13.2.0
<= 2.12.6.0
Patched versions
2.13.2.1
2.12.6.1
Description
Published by the National Vulnerability Database
Mar 11, 2022
Published to the GitHub Advisory Database
Mar 12, 2022
Reviewed
Mar 22, 2022
Last updated
Mar 15, 2024
Credits
-
farbeiza-enverus Analyst
-
stickycode Analyst
-
mr-c Analyst
-
victornoel Analyst
-
guima Analyst
-
Zeouterlimits Analyst
-
joschi Analyst
-
JoshDM Analyst
-
sunSUNQ Analyst
jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects.
References