Browse all 6 CVE security advisories affecting FasterXML. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FasterXML develops the Jackson JSON processing library, widely used for data binding and parsing in Java applications. Historically, vulnerabilities have primarily centered on remote code execution (RCE) and cross-site scripting (XSS) due to insecure deserialization and input validation flaws. The library's extensive adoption makes it a high-value target. Notable security characteristics include its modular architecture, though complex configurations can introduce risks. While no major public incidents have been widely documented, the 6 CVEs on record highlight persistent concerns around memory corruption and improper handling of untrusted input, necessitating careful implementation and regular updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-29062 | jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion — jackson-coreCWE-770 | 7.5 | - | 2026-03-06 |
| CVE-2025-52999 | jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data — jackson-coreCWE-121 | 6.5 | - | 2025-06-25 |
| CVE-2025-49128 | Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation — jackson-coreCWE-209 | 4.0 | Medium | 2025-06-06 |
| CVE-2023-3894 | DOS in jackson-dataformats-text — jackson-dataformats-textCWE-20 | 5.8 | Medium | 2023-08-08 |
| CVE-2017-15095 | FasterXML Jackson-databind 代码问题漏洞 — jackson-databindCWE-184 | 9.8 | - | 2018-02-06 |
| CVE-2017-7525 | FasterXML Jackson 代码问题漏洞 — jackson-databindCWE-184 | 9.8 | - | 2018-02-06 |
This page lists every published CVE security advisory associated with FasterXML. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.