VDB

GCVE-110-MAGEIA-2024-69

GCVE-110-MAGEIA-2024-69
Advisory Published
Vulnetix · Advisory published March 16, 2024
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. (CVE-2020-36518) In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. (CVE-2022-42003) In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)

Affected Products

VendorProductVersionsPlatforms
Salesforceflow
Mageianeovim0 (affected), 0.9.5-1.mga9 (unaffected)
Mageiajackson-databind0 (affected), 2.11.4-2.1.mga9 (unaffected), 0 (affected), 2.11.4-2.1.mga9 (unaffected)

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›