Search for packages
| purl | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.0.0-RC2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-pwnn-qx48-ykae
Aliases: CVE-2025-52999 GHSA-h46c-h94j-95f3 |
jackson-core can throw a StackoverflowError when processing deeply nested data ### Impact With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. ### Patches jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. Change is in https://github.com/FasterXML/jackson-core/pull/943. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. ### Workarounds Users should avoid parsing input files from untrusted sources. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:31:51.941306+00:00 | GitLab Importer | Affected by | VCID-pwnn-qx48-ykae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-core/CVE-2025-52999.yml | 38.4.0 |
| 2026-04-12T00:51:43.423195+00:00 | GitLab Importer | Affected by | VCID-pwnn-qx48-ykae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-core/CVE-2025-52999.yml | 38.3.0 |
| 2026-04-03T00:59:48.062554+00:00 | GitLab Importer | Affected by | VCID-pwnn-qx48-ykae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.core/jackson-core/CVE-2025-52999.yml | 38.1.0 |