CVE-2023-35116

Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.12.0 through 2.15.2

Description The issue in jackson-databind is related to unlimited resource allocation, which can be exploited to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.

Recommendations For jackson-databind versions 2.12.0 through 2.15.2, consider disabling the serialization of cyclic data structures as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.