VulnerableCode Package Details - pkg:rpm/redhat/jackson-core@2.19.1-1?arch=el9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/jackson-core@2.19.1-1?arch=el9_2

purl	pkg:rpm/redhat/jackson-core@2.19.1-1?arch=el9_2

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-pwnn-qx48-ykae Aliases: CVE-2025-52999 GHSA-h46c-h94j-95f3	jackson-core can throw a StackoverflowError when processing deeply nested data ### Impact With older versions of jackson-core, if you parse an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. ### Patches jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. Change is in https://github.com/FasterXML/jackson-core/pull/943. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. ### Workarounds Users should avoid parsing input files from untrusted sources.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:39:00.476627+00:00	RedHat Importer	Affected by	VCID-pwnn-qx48-ykae	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-52999.json	38.0.0