CVE-2020-36518: jackson-databind security issue

Question

jackiedlh opened this issue 2 years ago · 1 comments

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Answer 1 · 2023-02-24T13:56:07.000Z

@guusdk, @Flowdalic: Have you seen this CVE issue?

There is a PR here: