Skip to main content
CVE-2022-42004 HIGH POC PATCH This Week

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service Jackson Databind Quarkus Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-42003 HIGH POC PATCH This Week

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service Jackson Databind Quarkus Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy