CVE-2022-42003 Information

Description

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because primitive value deserializers lack a check to avoid deep wrapper array nesting when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
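
A startup check for the condition described above, as an added example that is not part of the original advisory or of jackson-databind itself. The class and method names are hypothetical, and the version test uses only the 2.14 boundary given in the description.

```java
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.cfg.PackageVersion;

// Hypothetical helper: reports whether a mapper meets both conditions
// named in the description (older library AND the feature switched on).
public class UnwrapArraysExposureCheck {

    // True when the jackson-databind on the classpath predates the 2.14 line.
    // Assumption: only the boundary from the description is used; 2.14
    // pre-releases and patched builds of older lines are not distinguished.
    static boolean olderThan2_14(Version v) {
        return v.getMajorVersion() < 2
            || (v.getMajorVersion() == 2 && v.getMinorVersion() < 14);
    }

    // The feature is off by default, so a mapper is exposed only if
    // application code (or a framework default) enabled it.
    static boolean isExposed(ObjectMapper mapper) {
        return olderThan2_14(PackageVersion.VERSION)
            && mapper.isEnabled(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS);
    }

    public static void main(String[] args) {
        System.out.println("jackson-databind version: " + PackageVersion.VERSION);

        // Default configuration: UNWRAP_SINGLE_VALUE_ARRAYS is disabled.
        ObjectMapper defaults = new ObjectMapper();
        System.out.println("default mapper exposed: " + isExposed(defaults));

        // Lenient configuration: the setting the description refers to.
        ObjectMapper lenient = new ObjectMapper()
            .enable(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS);
        System.out.println("lenient mapper exposed: " + isExposed(lenient));

        // Mitigation when upgrading is not yet possible: switch the feature
        // back off for mappers that parse untrusted input.
        lenient.disable(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS);
        System.out.println("after disable, exposed: " + isExposed(lenient));
    }
}
```

The feature can also be enabled per call on an `ObjectReader`, so a check on the shared `ObjectMapper` alone does not cover every code path.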

Reference

https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
https://github.com/FasterXML/jackson-databind/issues/3590
