Vulnerable Package issue exists @ Maven-com.fasterxml.jackson.core:jackson-databind-2.12.6.1 in branch master
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the "UNWRAP_SINGLE_VALUE_ARRAYS" feature is enabled.
Namespace: ytang1-godaddy
Repository: aws-cdk-examples
Repository Url: https://github.com/ytang1-godaddy/aws-cdk-examples
CxAST-Project: ytang1-godaddy/aws-cdk-examples
CxAST platform scan: 9299eec0-db6d-4aaf-a84e-cae2611689d7
Branch: master
Application: aws-cdk-examples
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-502
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
References
Advisory
Issue
Issue
Commit
Release Note
Vulnerable Package issue exists @ Maven-com.fasterxml.jackson.core:jackson-databind-2.12.6.1 in branch master
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the "UNWRAP_SINGLE_VALUE_ARRAYS" feature is enabled.
Namespace: ytang1-godaddy
Repository: aws-cdk-examples
Repository Url: https://github.com/ytang1-godaddy/aws-cdk-examples
CxAST-Project: ytang1-godaddy/aws-cdk-examples
CxAST platform scan: 9299eec0-db6d-4aaf-a84e-cae2611689d7
Branch: master
Application: aws-cdk-examples
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-502
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: HIGH
References
Advisory
Issue
Issue
Commit
Release Note