Hi team,

We have got the below two vulnerabilities on Kafka 3PP.

CVE-2022-42003 <https://nvd.nist.gov/vuln/detail/CVE-2022-42003>
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur 
because of a lack of a check in primitive value deserializers to avoid deep 
wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. 
Additional fix version in 2.13.4.1 and 2.12.17.1

CVE-2022-42004 <https://nvd.nist.gov/vuln/detail/CVE-2022-42004>
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur 
because of a lack of a check in BeanDeserializer._deserializeFromArray to 
prevent use of deeply nested arrays. An application is vulnerable only with 
certain customized choices for deserialization.

Is the 3PP using the impacted functionality, and in which version of Kafka will 
these be fixed?

Regards,
Sahil
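
A triage helper for the two advisories quoted above, added as an example and not part of the original message or of Kafka: it maps the jackson-databind jars found in a distribution's library directory to the CVEs whose affected range covers them. Assumptions: jars follow the Maven `jackson-databind-<version>.jar` naming, the fix versions are taken exactly as quoted in the message, pre-release suffixes such as `-rc1` are ignored, and the sample listing is constructed. A version match only shows the affected code is present; per the advisory text, exposure also depends on the deserialization configuration in use.

```python
import re

# First fixed version per release line, exactly as quoted in the advisories above.
FIXED = {
    "CVE-2022-42003": {(2, 12): (2, 12, 17, 1), (2, 13): (2, 13, 4, 1), (2, 14): (2, 14, 0)},
    "CVE-2022-42004": {(2, 13): (2, 13, 4)},
}

# Assumed Maven-style jar name; a suffix after the numeric version is ignored.
JAR_RE = re.compile(r"^jackson-databind-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$")


def pad(version, width=4):
    """Right-pad with zeros so 2.13.4 and 2.13.4.1 compare component-wise."""
    return tuple(version) + (0,) * (width - len(version))


def is_affected(cve, version):
    fixes = FIXED[cve]
    line = tuple(version[:2])
    if line > max(fixes):
        return False          # release line newer than every listed fix
    first_fixed = fixes.get(line)
    if first_fixed is None:
        return True           # older line with no fix listed in the advisory
    return pad(version) < pad(first_fixed)


def audit(jar_names):
    """Return {jar name: [CVE ids whose affected range covers that version]}."""
    report = {}
    for name in jar_names:
        match = JAR_RE.match(name)
        if not match:
            continue          # not a jackson-databind jar
        version = tuple(int(part) for part in match.group(1).split("."))
        report[name] = [cve for cve in sorted(FIXED) if is_affected(cve, version)]
    return report


# Constructed directory listing for illustration only.
SAMPLE_LIBS = [
    "kafka-clients-example.jar",
    "jackson-core-2.13.3.jar",
    "jackson-databind-2.13.3.jar",
    "jackson-databind-2.13.4.jar",
    "jackson-databind-2.13.4.2.jar",
]

if __name__ == "__main__":
    for jar, cves in audit(SAMPLE_LIBS).items():
        print(jar, "->", ", ".join(cves) or "not in affected range")
```

For a real check, pass the output of `os.listdir()` on the distribution's library directory to `audit()`.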
