Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.fasterxml.jackson.core/jackson-core@2.2.0

Type maven

Namespace com.fasterxml.jackson.core

Name jackson-core

Version 2.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.15.0

Latest_non_vulnerable_version 2.21.1

Affected_by_vulnerabilities

url VCID-6ef9-baja-dqck

vulnerability_id VCID-6ef9-baja-dqck

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52999.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52999.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-52999

reference_id

reference_type

scores

value	0.00206
scoring_system	epss
scoring_elements	0.42881
published_at	2026-06-11T12:55:00Z

value	0.00252
scoring_system	epss
scoring_elements	0.48983
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-52999

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52999
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52999

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/FasterXML/jackson-core

reference_id

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-core

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108367
reference_id	1108367
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108367

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2374804
reference_id	2374804
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2374804

reference_url

https://github.com/FasterXML/jackson-core/pull/943

reference_id

943

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:04:07Z/

url

https://github.com/FasterXML/jackson-core/pull/943

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-52999

reference_id

CVE-2025-52999

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-52999

reference_url	https://github.com/advisories/GHSA-h46c-h94j-95f3
reference_id	GHSA-h46c-h94j-95f3
reference_type
scores
url	https://github.com/advisories/GHSA-h46c-h94j-95f3

reference_url

https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3

reference_id

GHSA-h46c-h94j-95f3

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T18:04:07Z/

url

https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3

reference_url	https://access.redhat.com/errata/RHSA-2025:10092
reference_id	RHSA-2025:10092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10092

reference_url	https://access.redhat.com/errata/RHSA-2025:10097
reference_id	RHSA-2025:10097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10097

reference_url	https://access.redhat.com/errata/RHSA-2025:10098
reference_id	RHSA-2025:10098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10098

reference_url	https://access.redhat.com/errata/RHSA-2025:10104
reference_id	RHSA-2025:10104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10104

reference_url	https://access.redhat.com/errata/RHSA-2025:10118
reference_id	RHSA-2025:10118
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10118

reference_url	https://access.redhat.com/errata/RHSA-2025:10119
reference_id	RHSA-2025:10119
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10119

reference_url	https://access.redhat.com/errata/RHSA-2025:10120
reference_id	RHSA-2025:10120
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10120

reference_url	https://access.redhat.com/errata/RHSA-2025:11473
reference_id	RHSA-2025:11473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11473

reference_url	https://access.redhat.com/errata/RHSA-2025:11474
reference_id	RHSA-2025:11474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11474

reference_url	https://access.redhat.com/errata/RHSA-2025:12280
reference_id	RHSA-2025:12280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12280

reference_url	https://access.redhat.com/errata/RHSA-2025:12281
reference_id	RHSA-2025:12281
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12281

reference_url	https://access.redhat.com/errata/RHSA-2025:12282
reference_id	RHSA-2025:12282
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12282

reference_url	https://access.redhat.com/errata/RHSA-2025:12283
reference_id	RHSA-2025:12283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12283

reference_url	https://access.redhat.com/errata/RHSA-2025:14116
reference_id	RHSA-2025:14116
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14116

reference_url	https://access.redhat.com/errata/RHSA-2025:14117
reference_id	RHSA-2025:14117
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14117

reference_url	https://access.redhat.com/errata/RHSA-2025:14118
reference_id	RHSA-2025:14118
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14118

reference_url	https://access.redhat.com/errata/RHSA-2025:14126
reference_id	RHSA-2025:14126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14126

reference_url	https://access.redhat.com/errata/RHSA-2025:14127
reference_id	RHSA-2025:14127
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14127

reference_url	https://access.redhat.com/errata/RHSA-2025:15717
reference_id	RHSA-2025:15717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15717

reference_url	https://access.redhat.com/errata/RHSA-2025:15847
reference_id	RHSA-2025:15847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15847

reference_url	https://access.redhat.com/errata/RHSA-2025:17189
reference_id	RHSA-2025:17189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17189

reference_url	https://access.redhat.com/errata/RHSA-2025:3465
reference_id	RHSA-2025:3465
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3465

reference_url	https://access.redhat.com/errata/RHSA-2025:3467
reference_id	RHSA-2025:3467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3467

reference_url	https://access.redhat.com/errata/RHSA-2026:0742
reference_id	RHSA-2026:0742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0742

reference_url	https://access.redhat.com/errata/RHSA-2026:0743
reference_id	RHSA-2026:0743
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0743

reference_url	https://access.redhat.com/errata/RHSA-2026:4915
reference_id	RHSA-2026:4915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4915

reference_url	https://access.redhat.com/errata/RHSA-2026:4916
reference_id	RHSA-2026:4916
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4916

reference_url	https://access.redhat.com/errata/RHSA-2026:4917
reference_id	RHSA-2026:4917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4917

fixed_packages

url	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.15.0
purl	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.15.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.15.0

aliases CVE-2025-52999, GHSA-h46c-h94j-95f3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ef9-baja-dqck

url VCID-v5jf-3f2g-4kgd

vulnerability_id VCID-v5jf-3f2g-4kgd

summary Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. This issue was silently fixed in jackson-core version 2.13.0, released on September 30, 2021, via PR #652. All users should upgrade to version 2.13.0 or later. If upgrading is not immediately possible, applications can mitigate the issue by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49128.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49128.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49128

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05925
published_at	2026-06-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08115
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49128

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49128
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49128

reference_url

https://github.com/FasterXML/jackson-core

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FasterXML/jackson-core

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-49128

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-49128

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370891
reference_id	2370891
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370891

reference_url

https://github.com/FasterXML/jackson-core/pull/652

reference_id

652

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:13:56Z/

url

https://github.com/FasterXML/jackson-core/pull/652

reference_url

https://github.com/FasterXML/jackson-core/commit/a6c297682737dde13337cb7c3020f299518609a8

reference_id

a6c297682737dde13337cb7c3020f299518609a8

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:13:56Z/

url

https://github.com/FasterXML/jackson-core/commit/a6c297682737dde13337cb7c3020f299518609a8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22145

reference_id

CVE-2021-22145

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22145

reference_url	https://github.com/advisories/GHSA-wf8f-6423-gfxg
reference_id	GHSA-wf8f-6423-gfxg
reference_type
scores
url	https://github.com/advisories/GHSA-wf8f-6423-gfxg

reference_url

https://github.com/FasterXML/jackson-core/security/advisories/GHSA-wf8f-6423-gfxg

reference_id

GHSA-wf8f-6423-gfxg

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:13:56Z/

url

https://github.com/FasterXML/jackson-core/security/advisories/GHSA-wf8f-6423-gfxg

fixed_packages

url pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.0

purl pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6ef9-baja-dqck

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.13.0

aliases CVE-2025-49128, GHSA-wf8f-6423-gfxg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v5jf-3f2g-4kgd

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-core@2.2.0

Package Instance