Oracle Linux: CVE-2025-52999: ELSA-2025-12280: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update (IMPORTANT) (Multiple Advisories)

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: Jun 25, 2025
Added: Aug 1, 2025
Modified: Aug 26, 2025

Description

jackson-core contains the core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file that contains deeply nested data, Jackson could end up throwing a StackOverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackOverflowError can occur.
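
The depth limit described above can be tightened per factory and its rejection handled as an ordinary parse failure. The following is an added example, not code from the advisory or from the Jackson project; it assumes jackson-core 2.15.0 or later on the classpath, and the class name, helper names and sample inputs are constructed for illustration.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;
import java.io.IOException;

public class NestingLimitDemo {

    // Factory whose parsers reject documents nested deeper than maxDepth.
    static JsonFactory factoryWithDepthLimit(int maxDepth) {
        return JsonFactory.builder()
                .streamReadConstraints(
                        StreamReadConstraints.builder().maxNestingDepth(maxDepth).build())
                .build();
    }

    // Constructed sample input: `depth` nested arrays, e.g. [[[]]] for depth 3.
    static String nestedArrays(int depth) {
        return "[".repeat(depth) + "]".repeat(depth); // String.repeat needs Java 11+
    }

    // Walks every token; true if accepted, false if the depth limit rejected it.
    static boolean accepts(JsonFactory factory, String json) throws IOException {
        try (JsonParser parser = factory.createParser(json)) {
            while (parser.nextToken() != null) {
                // Token content is irrelevant here; only the nesting depth matters.
            }
            return true;
        } catch (StreamConstraintsException e) {
            // Checked IOException subtype: treat as a rejected request, not a crash.
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        JsonFactory defaults = new JsonFactory();       // 2.15.0+ default limit
        JsonFactory strict = factoryWithDepthLimit(32); // tighter, for untrusted input

        System.out.println("default, depth 500:  " + accepts(defaults, nestedArrays(500)));
        System.out.println("default, depth 2000: " + accepts(defaults, nestedArrays(2000)));
        System.out.println("strict,  depth 10:   " + accepts(strict, nestedArrays(10)));
        System.out.println("strict,  depth 100:  " + accepts(strict, nestedArrays(100)));
    }
}
```

Because jackson-databind parses through jackson-core, an ObjectMapper constructed from such a factory inherits the same limit.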

Solutions

oracle-linux-upgrade-apache-commons-collections
oracle-linux-upgrade-apache-commons-lang
oracle-linux-upgrade-apache-commons-net
oracle-linux-upgrade-bea-stax-api
oracle-linux-upgrade-fasterxml-oss-parent
oracle-linux-upgrade-glassfish-fastinfoset
oracle-linux-upgrade-glassfish-jaxb-api
oracle-linux-upgrade-glassfish-jaxb-core
oracle-linux-upgrade-glassfish-jaxb-runtime
oracle-linux-upgrade-glassfish-jaxb-txw2
oracle-linux-upgrade-jackson-annotations
oracle-linux-upgrade-jackson-bom
oracle-linux-upgrade-jackson-core
oracle-linux-upgrade-jackson-databind
oracle-linux-upgrade-jackson-jaxrs-json-provider
oracle-linux-upgrade-jackson-jaxrs-providers
oracle-linux-upgrade-jackson-module-jaxb-annotations
oracle-linux-upgrade-jackson-modules-base
oracle-linux-upgrade-jackson-parent
oracle-linux-upgrade-jakarta-commons-httpclient
oracle-linux-upgrade-javassist
oracle-linux-upgrade-javassist-javadoc
oracle-linux-upgrade-pki-jackson-annotations
oracle-linux-upgrade-pki-jackson-core
oracle-linux-upgrade-pki-jackson-databind
oracle-linux-upgrade-pki-jackson-jaxrs-json-provider
oracle-linux-upgrade-pki-jackson-jaxrs-providers
oracle-linux-upgrade-pki-jackson-module-jaxb-annotations
oracle-linux-upgrade-pki-servlet-engine
oracle-linux-upgrade-relaxngdatatype
oracle-linux-upgrade-slf4j
oracle-linux-upgrade-slf4j-jdk14
oracle-linux-upgrade-stax-ex
oracle-linux-upgrade-velocity
oracle-linux-upgrade-xalan-j2
oracle-linux-upgrade-xerces-j2
oracle-linux-upgrade-xml-commons-apis
oracle-linux-upgrade-xml-commons-resolver
oracle-linux-upgrade-xmlstreambuffer
oracle-linux-upgrade-xsom