Mageia 2024-0069: jackson-databind security update

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. (CVE-2020-36518) In FasterXML jackson-databind before versions and, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the
文 » A