Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-42004

Опубликовано: 02 окт. 2022
Источник: redhat
CVSS3: 7.5

Описание

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
A-MQ Clients 2jackson-databindNot affected
Red Hat A-MQ Onlinejackson-databindNot affected
Red Hat build of Apicurio Registry 2jackson-databindAffected
Red Hat build of Debezium 1jackson-databindNot affected
Red Hat Enterprise Linux 8jackson-databindAffected
Red Hat Enterprise Linux 8pki-deps:10.6/jackson-databindWill not fix
Red Hat Enterprise Linux 9jackson-databindWill not fix
Red Hat Fuse 7jackson-databindWill not fix
Red Hat Integration Camel K 1jackson-databindAffected
Red Hat Integration Service Registryjackson-databindOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=2135247jackson-databind: use of deeply nested arrays

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-42004

CVSS3: 7.5
ubuntu
больше 3 лет назад

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

nvd логотип

CVE-2022-42004

CVSS3: 7.5
nvd
больше 3 лет назад

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

debian логотип

CVE-2022-42004

CVSS3: 7.5
debian
больше 3 лет назад

In FasterXML jackson-databind before 2.13.4, resource exhaustion can o ...

github логотип

GHSA-rgv9-q543-rqg4

CVSS3: 7.5
github
больше 3 лет назад

Uncontrolled Resource Consumption in FasterXML jackson-databind

fstec логотип

BDU:2023-05617

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость библиотеки Jackson-databind проекта FasterXML, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю вызвать отказ в обслуживании

7.5 High

CVSS3