Lucene search

K
broadcomBroadcom Security ResponseBSNSA22129
HistoryMay 03, 2023 - 12:00 a.m.

CVE-2022-42004 -In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur

2023-05-0300:00:00
Broadcom Security Response
support.broadcom.com
22
fasterxml jackson-databind vulnerability brocade software

AI Score

7.6

Confidence

High

EPSS

0.003

Percentile

66.3%

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check-in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Products Confirmed Not Affected
No Brocade Fibre Channel Products from Broadcom products are known to be affected by this vulnerability.