Description
Applications that use jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service (DoS) attacks. If the parser runs on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.
Remediation
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083
https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x
https://github.com/FasterXML/jackson-dataformats-text/pull/398