CVE-2020-36518 @ Maven-com.fasterxml.jackson.core:jackson-databind-2.12.5

[SamHeadrickCx]

Vulnerable Package issue exists @ Maven-com.fasterxml.jackson.core:jackson-databind-2.12.5 in branch master

jackson-databind before 2.12.6.1 and 2.13.x before 2.13.2.1 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Namespace: SamHeadrickCx
Repository: easybuggy4sb
Repository Url: https://github.com/SamHeadrickCx/easybuggy4sb
CxAST-Project: SamHeadrickCx/easybuggy4sb
CxAST platform scan: 3776f006-a82c-4067-99d1-88d4ec11b623
Branch: master
Application: easybuggy4sb
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-787

---

Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
Remediation Upgrade Recommendation: 2.12.6.1

---

References
Issue
Advisory
Release Note
Release Note
Commit
Pull request