Security Advisory Description
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)
Impact
System performance can degrade through resource exhaustion. This vulnerability allows a remote attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system.