Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-12280

Опубликовано: 30 июл. 2025
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2025-12280: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update (IMPORTANT)

jackson-annotations [2.19.1-1]

  • Update to version 2.19.1
  • Resolves: RHEL-100233

jackson-core [2.19.1-1]

  • Update to version 2.19.1
  • Resolves: RHEL-103636

jackson-databind [2.19.1-1]

  • Update to version 2.19.1
  • Resolves: RHEL-100233

jackson-jaxrs-providers [2.19.1-1]

  • Update to version 2.19.1
  • Resolves: RHEL-100239

jackson-modules-base [2.19.1-1]

  • Update to version 2.19.1
  • Resolves: RHEL-100245

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

pki-jackson-annotations

2.19.1-1.el9_6

pki-jackson-core

2.19.1-1.el9_6

pki-jackson-databind

2.19.1-1.el9_6

pki-jackson-jaxrs-json-provider

2.19.1-1.el9_6

pki-jackson-jaxrs-providers

2.19.1-1.el9_6

pki-jackson-module-jaxb-annotations

2.19.1-1.el9_6

Oracle Linux x86_64

pki-jackson-annotations

2.19.1-1.el9_6

pki-jackson-core

2.19.1-1.el9_6

pki-jackson-databind

2.19.1-1.el9_6

pki-jackson-jaxrs-json-provider

2.19.1-1.el9_6

pki-jackson-jaxrs-providers

2.19.1-1.el9_6

pki-jackson-module-jaxb-annotations

2.19.1-1.el9_6

Связанные CVE

Связанные уязвимости

ubuntu
около 2 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

CVSS3: 7.5
redhat
около 2 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

nvd
около 2 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

debian
около 2 месяцев назад

jackson-core contains core low-level incremental ("streaming") parser ...

github
около 1 месяца назад

jackson-core can throw a StackoverflowError when processing deeply nested data