Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/06 7:14 a.m.31 views

CVE-2026-29062 jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...

8.7CVSS0.00552EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/06 7:14 a.m.1 views

CVE-2026-29062 jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constrai...

8.7CVSS5.7AI score0.00552EPSS
Exploits0References3
CVE
CVE
added 2026/03/06 7:14 a.m.77 views

CVE-2026-29062

CVE-2026-29062 affects jackson-core: from 3.0.0 up to before 3.1.0, the UTF8DataInputJsonParser (used when parsing from java.io.DataInput) bypasses the StreamReadConstraints maxNestingDepth (default 500), allowing excessively nested JSON to cause a StackOverflowError and a resulting DoS. A simila...

8.7CVSS5.7AI score0.00552EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 9:23 p.m.22 views

jackson-core has Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

Summary The UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint default: 500 defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive...

8.7CVSS5.8AI score0.00552EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder