Description
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.
Remediation
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50083
https://github.com/FasterXML/jackson-dataformats-text/blob/2.16/release-notes/VERSION-2.x
https://github.com/FasterXML/jackson-dataformats-text/pull/398