Debian 10033 Published by

A jackson-databind security update has been released for Debian GNU/Linux 9 Extended LTS to address several flaws.



ELA-732-1 jackson-databind security update

Package : jackson-databind

Version : 2.8.6-1+deb9u11 (stretch)

Related CVEs :
CVE-2022-42003
CVE-2022-42004

Several flaws were discovered in jackson-databind, a fast and powerful JSON library for Java. A denial of service (resource exhaustion) could occur because of a missing check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

  ELA-732-1 jackson-databind security update