In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | jackson-databind | < 2.14.0-1 | jackson-databind_2.14.0-1_all.deb |
Debian | 11 | all | jackson-databind | < 2.12.1-1+deb11u1 | jackson-databind_2.12.1-1+deb11u1_all.deb |
Debian | 10 | all | jackson-databind | < 2.9.8-3+deb10u4 | jackson-databind_2.9.8-3+deb10u4_all.deb |
Debian | 999 | all | jackson-databind | < 2.14.0-1 | jackson-databind_2.14.0-1_all.deb |
Debian | 13 | all | jackson-databind | < 2.14.0-1 | jackson-databind_2.14.0-1_all.deb |