How to solve Checkmarx's issue Uncontrolled_Memory_Allocation

Checkmarx, for the below line of code, reports the issue Uncontrolled_Memory_Allocation.

ObjectNode values = objectMapper.readValue(request.getInputStream(), ObjectNode.class);

A user that is invoking the given request is authorized in the system. I'm not able to decide what's a reasonable size of a stream that the system should allow. Sometimes it could be even 60 MB, but I cannot predict whether someone would like to upload a file that has, let's say, 80 MB. I know I could try to catch OutOfMemoryError, but this is in general very bad practice.

What would be the correct way to handle this issue?

There is 1 best solution below


If your code allows arbitrary amounts of memory to be allocated, the result that was flagged by Checkmarx is correct. If the files only come from a trusted source/user, the issue is not very severe, but still should be fixed.

It is clear that you cannot exactly predict the maximum size of the files that may be uploaded, but having no validation or limit on the maximum size is not good practice. Try to estimate what size still makes sense for a user to upload and use a 10x size limit to be future proof. Make sure to test your system and see if there are any adverse effects of uploading such big files.

Good luck!
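One way to apply the advice above before handing the stream to Jackson, as an added example that is not part of the question or the answer: wrap request.getInputStream() in a counting stream that fails as soon as more than a configured number of bytes has been read, so the parser never gets to allocate for an unbounded body. The class name BoundedJsonReader, the limit parameter maxBytes and the javax.servlet import are assumptions; objectMapper and request are the names used in the question.

```java
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import javax.servlet.http.HttpServletRequest;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;

public final class BoundedJsonReader {

    /** Thrown when the request body is larger than the configured limit. */
    public static final class PayloadTooLargeException extends IOException {
        PayloadTooLargeException(long limit) {
            super("request body exceeds limit of " + limit + " bytes");
        }
    }

    /** Counts bytes as they are consumed and fails fast once the limit is passed. */
    static final class LimitedInputStream extends FilterInputStream {
        private final long limit;
        private long count;

        LimitedInputStream(InputStream in, long limit) { super(in); this.limit = limit; }

        @Override public int read() throws IOException {
            int b = in.read();
            if (b != -1) consumed(1);
            return b;
        }

        @Override public int read(byte[] buf, int off, int len) throws IOException {
            int n = in.read(buf, off, len);
            if (n > 0) consumed(n);
            return n;
        }

        @Override public long skip(long n) throws IOException {
            long s = in.skip(n);          // skipped bytes count against the limit too
            if (s > 0) consumed(s);
            return s;
        }

        private void consumed(long n) throws IOException {
            count += n;
            if (count > limit) throw new PayloadTooLargeException(limit);
        }
    }

    /** Parses the body as an ObjectNode, rejecting anything above maxBytes (assumed limit). */
    public static ObjectNode readBounded(ObjectMapper objectMapper, HttpServletRequest request,
                                         long maxBytes) throws IOException {
        // Cheap pre-check on the declared length; it may be -1 (chunked) or wrong,
        // so the counting stream below enforces the limit regardless.
        if (request.getContentLengthLong() > maxBytes) throw new PayloadTooLargeException(maxBytes);
        try (InputStream in = new LimitedInputStream(request.getInputStream(), maxBytes)) {
            return objectMapper.readValue(in, ObjectNode.class);
        }
    }
}
```

The caller catches PayloadTooLargeException and answers with HTTP 413 instead of letting an OutOfMemoryError surface; the value passed as maxBytes is the estimated realistic size times the 10x margin suggested in the answer.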