7 matches found
Amazon Linux 2 : jackson (ALAS-2025-2934)
The version of jackson installed on the remote host is prior to 1.9.4-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2934 advisory. jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. In...
jackson-core can throw a StackoverflowError when processing deeply nested data
Impact With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. Patches jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input...
CVE-2025-52999
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
CVE-2025-52999
CVE-2025-52999 concerns Jackson Core: in versions before 2.15.0, parsing input with deeply nested data can trigger a StackOverflowError. Jackson-core 2.15.0 introduces a configurable depth limit (default 1000) and throws StreamConstraintsException when exceeded. Jackson-databind benefits from thi...