CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

[xlfe]

This seems to have been given a rating of High 7.5

Request to bump jackson-databind once https://github.com/FasterXML/jackson-databind/issues/2816 is merged

https://github.com/FasterXML/jackson-databind/issues/2816 https://github.com/advisories/GHSA-57j2-w4cx-62h2 https://github.com/opensearch-project/anomaly-detection/issues/436