VYPR

Maven package

com.fasterxml.jackson.core/jackson-core

pkg:maven/com.fasterxml.jackson.core/jackson-core

Vulnerabilities (2)

  • CVE-2025-52999HigJun 25, 2025
    affected < 2.15.0fixed 2.15.0

    jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the de

  • CVE-2025-49128MedJun 6, 2025
    affected >= 2.0.0, < 2.13.0fixed 2.13.0

    Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unint