PT-2022-6920 · Atlassian+4 · Bamboo Data Center/Server+9
Cowtowncoder
Published 2022-10-02 · Updated 2026-06-04
CVE-2022-42003
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
FasterXML jackson-databind versions 2.4.0-rc1 through 2.12.7.1
FasterXML jackson-databind versions 2.13.x through 2.13.4.1
Bamboo Data Center and Server versions 9.1.0 through 9.2.4
Bamboo Data Center and Server versions 9.3.0 through 9.3.2
Bitbucket Data Center and Server versions 7.17.0 through 7.21.13
Bitbucket Data Center and Server versions 8.7.0 through 8.9.3
Bitbucket Data Center and Server versions 8.10.0 through 8.10.3
Bitbucket Data Center and Server versions 8.11.0 through 8.11.2
Bitbucket Data Center and Server versions 8.12.0 through 8.12.0
Bitbucket Data Center and Server versions 8.13.0 through 8.13.0
Description
The issue is resource exhaustion caused by a missing check in the primitive value deserializers that would otherwise limit deep wrapper array nesting when the UNWRAP_SINGLE_VALUE_ARRAYS deserialization feature is enabled. An unauthenticated attacker can exploit this against susceptible assets exposed in the environment, with no impact to confidentiality, no impact to integrity, and high impact to availability, requiring no user interaction.
Recommendations
For FasterXML jackson-databind versions 2.4.0-rc1 through 2.12.7.1, upgrade to version 2.12.7.1 or later.
For FasterXML jackson-databind versions 2.13.x through 2.13.4.1, upgrade to version 2.13.4.2 or later.
For Bamboo Data Center and Server versions 9.1.0 through 9.2.4, upgrade to version 9.2.5 or later.
For Bamboo Data Center and Server versions 9.3.0 through 9.3.2, upgrade to version 9.3.3 or later.
For Bitbucket Data Center and Server versions 7.17.0 through 7.21.13, upgrade to version 7.21.14 or later.
For Bitbucket Data Center and Server versions 8.7.0 through 8.9.3, upgrade to version 8.9.4 or later.
For Bitbucket Data Center and Server versions 8.10.0 through 8.10.3, upgrade to version 8.10.4 or later.
For Bitbucket Data Center and Server versions 8.11.0 through 8.11.2, upgrade to version 8.11.3 or later.
For Bitbucket Data Center and Server versions 8.12.0 through 8.12.0, upgrade to version 8.12.1 or later.
For Bitbucket Data Center and Server versions 8.13.0 through 8.13.0, upgrade to version 8.13.1 or later.
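A defender-side inventory check for the jackson-databind ranges listed above, as an added example that is not part of this advisory or of the jackson-databind project: it parses the version strings (including the 2.4.0-rc1 pre-release and four-component patch versions such as 2.13.4.1), compares each against the affected ranges and reports the recommended upgrade for any match. The mvn dependency:tree lines it scans are constructed sample input. Because this page names 2.12.7.1 both as the last affected version and as the upgrade target, the check follows the Recommendations lines and treats each upgrade target as the first fixed version; the "2.13.x" lower bound is read as the whole 2.13 branch, pre-releases included. The Bamboo and Bitbucket ranges are left out since they are product versions rather than library coordinates.

```python
"""Inventory check for the jackson-databind ranges listed in this advisory (CVE-2022-42003).

Added example, not from the advisory or from the jackson-databind project. The version
ranges and upgrade targets are those stated above; the dependency-tree text is constructed.
"""
import re
from typing import Optional

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-([A-Za-z]+)(\d*))?$")


def parse_version(text: str) -> tuple:
    """Turn '2.13.4.1' or '2.4.0-rc1' into a sortable key.

    Numeric components are padded to four places so '2.13' and '2.13.0.0' compare
    equal; a final release sorts after any pre-release (rc1, rc2, ...) of the same number.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    numbers += (0,) * (4 - len(numbers))
    if m.group(2) is None:
        qualifier = (1, 0)                       # final release
    else:
        qualifier = (0, int(m.group(3) or 0))    # pre-release such as rc1
    return numbers + qualifier


def branch_floor(prefix: str) -> tuple:
    """Key that sorts below every version on a branch, pre-releases included.

    Used for the advisory's '2.13.x' lower bound, which names a branch rather than a version.
    """
    numbers = tuple(int(p) for p in prefix.split("."))
    return numbers + (0,) * (4 - len(numbers)) + (0, 0)


# (first affected key, inclusive; upgrade target key, exclusive upper bound; upgrade text).
# The advisory lists 2.12.7.1 both as the last affected version and as the upgrade target;
# this check follows the Recommendations lines and treats each upgrade target as fixed.
AFFECTED_RANGES = [
    (parse_version("2.4.0-rc1"), parse_version("2.12.7.1"), "2.12.7.1"),
    (branch_floor("2.13"), parse_version("2.13.4.2"), "2.13.4.2"),
]


def assess(version: str) -> Optional[str]:
    """Return the recommended upgrade for an affected version, or None if it is in no listed range."""
    key = parse_version(version)
    for low, high, upgrade in AFFECTED_RANGES:
        if low <= key < high:
            return upgrade
    return None


# Matches the coordinate as printed by `mvn dependency:tree` (groupId:artifactId:type:version:scope).
_DATABIND_RE = re.compile(r"com\.fasterxml\.jackson\.core:jackson-databind:(?:[a-z]+:)?([0-9][^:\s]*)")


def scan_dependency_tree(tree_text: str) -> list:
    """Find every jackson-databind occurrence and return (version, upgrade) pairs for affected ones."""
    findings = []
    for line in tree_text.splitlines():
        m = _DATABIND_RE.search(line)
        if m is None:
            continue
        version = m.group(1)
        upgrade = assess(version)
        if upgrade is not None:
            findings.append((version, upgrade))
    return findings


# Constructed `mvn dependency:tree` output: a direct dependency, a transitive copy pulled in
# by an older client library, and a test-scoped copy that is already on a fixed version.
SAMPLE_TREE = """\
[INFO] com.example:service:jar:1.0.0
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.4:compile
[INFO] |  \\- com.fasterxml.jackson.core:jackson-core:jar:2.13.4:compile
[INFO] +- com.example:legacy-client:jar:3.2.0:compile
[INFO] |  \\- com.fasterxml.jackson.core:jackson-databind:jar:2.9.10.8:compile
[INFO] \\- com.example:tooling:jar:0.4.0:test
[INFO]    \\- com.fasterxml.jackson.core:jackson-databind:jar:2.13.4.2:test
"""

if __name__ == "__main__":
    for version, upgrade in scan_dependency_tree(SAMPLE_TREE):
        print(f"jackson-databind {version} is in an affected range; upgrade to {upgrade} or later")
```

Run against real output of mvn dependency:tree (or any text containing the Maven coordinates) instead of SAMPLE_TREE; transitive copies brought in by other libraries are the ones most often missed, which is why the scan looks at every line rather than only direct dependencies.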
Exploit
Fix
DoS
Resource Exhaustion
Deserialization of Untrusted Data
Related Identifiers
Affected Products
Astra Linux
Bamboo
Bamboo Data Center/Server
Bitbucket
Bitbucket Data Center/Server
Jira
Jira Service Management Server
Rocky Linux
Suse
Jackson-Databind