fix: enforce stream read/write constraints to prevent excessive nesting

Author: daniel-kmiecik

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/ObjectMapperFactory.java

@@ -3,7 +3,9 @@
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonFactoryBuilder;
+import com.fasterxml.jackson.core.StreamReadConstraints;
 import com.fasterxml.jackson.core.StreamReadFeature;
+import com.fasterxml.jackson.core.StreamWriteConstraints;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
@@ -42,12 +44,16 @@ private static ObjectMapper create(JsonFactory jsonFactory, boolean includePathD
     private static JsonFactory createJsonFactory() {
         return new JsonFactoryBuilder()
           .enable(StreamReadFeature.STRICT_DUPLICATE_DETECTION)
+          .streamReadConstraints(StreamReadConstraints.builder().maxNestingDepth(2000).build())
+          .streamWriteConstraints(StreamWriteConstraints.builder().maxNestingDepth(2000).build())
           .build();
     }
 
     private static JsonFactory createYamlFactory() {
         return YAMLFactory.builder()
           .enable(StreamReadFeature.STRICT_DUPLICATE_DETECTION)
+          .streamReadConstraints(StreamReadConstraints.builder().maxNestingDepth(2000).build())
+          .streamWriteConstraints(StreamWriteConstraints.builder().maxNestingDepth(2000).build())
           .build();
     }
 }