VDB
GCVE-110-MAGEIA-2024-69
GCVE-110-MAGEIA-2024-69
Advisory Published
jackson-databind before 2.13.0 allows a Java StackOverflow exception and
denial of service via a large depth of nested objects. (CVE-2020-36518)
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1,
resource exhaustion can occur because of a lack of a check in primitive
value deserializers to avoid deep wrapper array nesting, when the
UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. (CVE-2022-42003)
In FasterXML jackson-databind before 2.13.4, resource exhaustion can
occur because of a lack of a check in
BeanDeserializer._deserializeFromArray to prevent use of deeply nested
arrays. An application is vulnerable only with certain customized
choices for deserialization. (CVE-2022-42004)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Salesforce | flow | — | — |
| Mageia | neovim | 0 (affected), 0.9.5-1.mga9 (unaffected) | — |
| Mageia | jackson-databind | 0 (affected), 2.11.4-2.1.mga9 (unaffected), 0 (affected), 2.11.4-2.1.mga9 (unaffected) | — |
Aliases
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.