Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-52999 (GCVE-0-2025-52999)
Vulnerability from cvelistv5 – Published: 2025-06-25 17:02 – Updated: 2025-06-25 18:04
VLAI
EPSS
Title
jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
Summary
jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/FasterXML/jackson-core/securit… | x_refsource_CONFIRM |
| https://github.com/FasterXML/jackson-core/pull/943 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FasterXML | jackson-core |
Affected:
< 2.15.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T18:04:07.206576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T18:04:23.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jackson-core",
"vendor": "FasterXML",
"versions": [
{
"status": "affected",
"version": "\u003c 2.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jackson-core contains core low-level incremental (\"streaming\") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T17:02:57.428Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
},
{
"name": "https://github.com/FasterXML/jackson-core/pull/943",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-core/pull/943"
}
],
"source": {
"advisory": "GHSA-h46c-h94j-95f3",
"discovery": "UNKNOWN"
},
"title": "jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52999",
"datePublished": "2025-06-25T17:02:57.428Z",
"dateReserved": "2025-06-24T03:50:36.795Z",
"dateUpdated": "2025-06-25T18:04:23.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-52999",
"date": "2026-06-16",
"epss": "0.00634",
"percentile": "0.4547"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-52999\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-25T17:15:39.820\",\"lastModified\":\"2025-06-26T18:57:43.670\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"jackson-core contains core low-level incremental (\\\"streaming\\\") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.\"},{\"lang\":\"es\",\"value\":\"jackson-core contiene las abstracciones principales del analizador incremental (\\\"streaming\\\") de bajo nivel y del generador utilizadas por Jackson Data Processor. En versiones anteriores a la 2.15.0, si un usuario analiza un archivo de entrada con datos profundamente anidados, Jackson pod\u00eda generar un error de Stackoverflow si la profundidad era excesiva. jackson-core 2.15.0 incluye un l\u00edmite configurable para la profundidad que Jackson recorrer\u00e1 en un documento de entrada, con una profundidad predeterminada de 1000. jackson-core generar\u00e1 una excepci\u00f3n StreamConstraintsException si se alcanza el l\u00edmite. jackson-databind tambi\u00e9n se beneficia de este cambio, ya que utiliza jackson-core para analizar las entradas JSON. Como soluci\u00f3n alternativa, se recomienda a los usuarios evitar analizar archivos de entrada de fuentes no confiables.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://github.com/FasterXML/jackson-core/pull/943\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-121\", \"lang\": \"en\", \"description\": \"CWE-121: Stack-based Buffer Overflow\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"version\": \"4.0\"}}], \"references\": [{\"name\": \"https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3\"}, {\"name\": \"https://github.com/FasterXML/jackson-core/pull/943\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/FasterXML/jackson-core/pull/943\"}], \"affected\": [{\"vendor\": \"FasterXML\", \"product\": \"jackson-core\", \"versions\": [{\"version\": \"\u003c 2.15.0\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-25T17:02:57.428Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"jackson-core contains core low-level incremental (\\\"streaming\\\") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.\"}], \"source\": {\"advisory\": \"GHSA-h46c-h94j-95f3\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52999\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-25T18:04:07.206576Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-25T18:04:19.172Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2025-52999\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-06-24T03:50:36.795Z\", \"datePublished\": \"2025-06-25T17:02:57.428Z\", \"dateUpdated\": \"2025-06-25T18:04:23.296Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:10098
Vulnerability from csaf_redhat - Published: 2025-07-01 14:34 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.16. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError (CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP \nTools 4.16. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10098",
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10098.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:32+00:00",
"generator": {
"date": "2026-06-05T19:44:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10098",
"initial_release_date": "2025-07-01T14:34:48+00:00",
"revision_history": [
{
"date": "2025-07-01T14:34:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T14:34:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750857144-3.el9.src",
"product": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.src",
"product_id": "jenkins-0:2.504.2.1750857144-3.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750857144-3.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"product": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"product_id": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1750857315-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"product_id": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750857144-3.el9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"product_id": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.16.1750857315-1.el9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750857144-3.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750857144-3.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src"
},
"product_reference": "jenkins-0:2.504.2.1750857144-3.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src as a component of OpenShift Developer Tools and Services for OCP 4.16",
"product_id": "9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
},
"product_reference": "jenkins-2-plugins-0:4.16.1750857315-1.el9.src",
"relates_to_product_reference": "9Base-OCP-Tools-4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:34:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10098"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-0:2.504.2.1750857144-3.el9.src",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.noarch",
"9Base-OCP-Tools-4.16:jenkins-2-plugins-0:4.16.1750857315-1.el9.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10104
Vulnerability from csaf_redhat - Published: 2025-07-01 14:56 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.15. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP \nTools 4.15. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10104",
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10104.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:33+00:00",
"generator": {
"date": "2026-06-05T19:44:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10104",
"initial_release_date": "2025-07-01T14:56:03+00:00",
"revision_history": [
{
"date": "2025-07-01T14:56:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T14:56:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.15::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750856366-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750856366-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750856366-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1750856638-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750856366-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.15.1750856638-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750856366-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750856366-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750856366-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.15",
"product_id": "8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.15.1750856638-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T14:56:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10104"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-0:2.504.2.1750856366-3.el8.src",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.noarch",
"8Base-OCP-Tools-4.15:jenkins-2-plugins-0:4.15.1750856638-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10118
Vulnerability from csaf_redhat - Published: 2025-07-01 16:36 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.12. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP\nTools 4.12. Red Hat Product Security has rated this update as having a\nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10118",
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10118.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:35+00:00",
"generator": {
"date": "2026-06-05T19:44:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10118",
"initial_release_date": "2025-07-01T16:36:58+00:00",
"revision_history": [
{
"date": "2025-07-01T16:36:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T16:36:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750932984-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750932984-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750932984-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1750933270-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750932984-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1750933270-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750932984-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750932984-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750932984-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12",
"product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.12.1750933270-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:36:58+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10118"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-0:2.504.2.1750932984-3.el8.src",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.noarch",
"8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1750933270-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10119
Vulnerability from csaf_redhat - Published: 2025-07-01 16:31 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for Openshift Jenkins is now available for Red Hat Product OCP
Tools 4.13. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat Product OCP \nTools 4.13. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10119",
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10119.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:35+00:00",
"generator": {
"date": "2026-06-05T19:44:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10119",
"initial_release_date": "2025-07-01T16:31:24+00:00",
"revision_history": [
{
"date": "2025-07-01T16:31:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T16:31:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750916374-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750916374-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750916374-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1750916671-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750916374-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1750916671-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750916374-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750916374-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750916374-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13",
"product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.13.1750916671-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:31:24+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10119"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-0:2.504.2.1750916374-3.el8.src",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.noarch",
"8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1750916671-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:10120
Vulnerability from csaf_redhat - Published: 2025-07-01 16:53 - Updated: 2026-06-05 19:44Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update
Severity
Important
Notes
Topic: An update for OpenShift Jenkins is now available for Red Hat Product OCP
Tools 4.14. Red Hat Product Security has rated this update as having a
security impact of important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details: Jenkins is a continuous integration server that monitors executions of
repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for
CVE-2023-1370) (CVE-2024-57699)
* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not
enforce maximum password length (CVE-2025-22228)
* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)
* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)
* jenkins-2-plugins: jackson-core Potential StackoverflowError
(CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.
7.4 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for OpenShift Jenkins is now available for Red Hat Product OCP \nTools 4.14. Red Hat Product Security has rated this update as having a \nsecurity impact of important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a \ndetailed severity rating, is available for each vulnerability from the CVE \nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Jenkins is a continuous integration server that monitors executions of \nrepeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins: Potential DoS via stack exhaustion (incomplete fix for\nCVE-2023-1370) (CVE-2024-57699)\n* jenkins: CVE-2025-22228: Spring Security BCryptPasswordEncoder does not\nenforce maximum password length (CVE-2025-22228)\n* jenkins: Jetty HTTP/2 Header List Size Vulnerability (CVE-2025-1948)\n* jenkins: jackson-core Potential StackoverflowError (CVE-2025-52999)\n* jenkins-2-plugins: jackson-core Potential StackoverflowError\n(CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS \nscore, acknowledgments, and other related information, refer to the CVE \npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10120",
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10120.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update",
"tracking": {
"current_release_date": "2026-06-05T19:44:36+00:00",
"generator": {
"date": "2026-06-05T19:44:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2025:10120",
"initial_release_date": "2025-07-01T16:53:09+00:00",
"revision_history": [
{
"date": "2025-07-01T16:53:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-01T16:53:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T19:44:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product": {
"name": "OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750903189-3.el8.src",
"product": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.src",
"product_id": "jenkins-0:2.504.2.1750903189-3.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750903189-3.el8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"product": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"product_id": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1750903529-1.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"product": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"product_id": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@2.504.2.1750903189-3.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"product": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"product_id": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1750903529-1.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch"
},
"product_reference": "jenkins-0:2.504.2.1750903189-3.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:2.504.2.1750903189-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src"
},
"product_reference": "jenkins-0:2.504.2.1750903189-3.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch"
},
"product_reference": "jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14",
"product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
},
"product_reference": "jenkins-2-plugins-0:4.14.1750903529-1.el8.src",
"relates_to_product_reference": "8Base-OCP-Tools-4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-02-05T22:01:26.352808+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344073"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue exists because of an incomplete fix for CVE-2023-1370, therefore it only affects json-smart v2.5.0 through v2.5.1 (inclusive).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57699"
},
{
"category": "external",
"summary": "RHBZ#2344073",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344073"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699",
"url": "https://github.com/TurtleLiu/Vul_PoC/tree/main/CVE-2024-57699"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/cve-2023-1370",
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
}
],
"release_date": "2025-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)"
},
{
"cve": "CVE-2025-1948",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-05-08T18:00:52.156301+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365137"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse Jetty. This vulnerability allows denial of service attack via an HTTP/2 client specifying a very large value for the SETTINGS_MAX_HEADER_LIST_SIZE parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1948"
},
{
"category": "external",
"summary": "RHBZ#2365137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1948"
},
{
"category": "external",
"summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8",
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/56"
}
],
"release_date": "2025-05-08T17:48:40.831000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-03-20T06:00:45.196050+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2353507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22228"
},
{
"category": "external",
"summary": "RHBZ#2353507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22228"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-22228",
"url": "https://spring.io/security/cve-2025-22228"
}
],
"release_date": "2025-03-20T05:49:19.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-01T16:53:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10120"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-0:2.504.2.1750903189-3.el8.src",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.noarch",
"8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1750903529-1.el8.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:11473
Vulnerability from csaf_redhat - Published: 2025-07-21 17:07 - Updated: 2026-05-10 14:27Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11473",
"url": "https://access.redhat.com/errata/RHSA-2025:11473"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11473.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update",
"tracking": {
"current_release_date": "2026-05-10T14:27:01+00:00",
"generator": {
"date": "2026-05-10T14:27:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:11473",
"initial_release_date": "2025-07-21T17:07:33+00:00",
"revision_history": [
{
"date": "2025-07-21T17:07:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-21T17:07:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:27:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-2.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-2.redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-4.GA_redhat_00003.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-2.redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-2.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-2.redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-2.redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-2.redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-2.redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-4.GA_redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_id": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-2.redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-2.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_id": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-2.redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_id": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-providers@2.12.7-2.redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_id": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-2.redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-2.redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-4.GA_redhat_00003.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-2.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-2.redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-4.GA_redhat_00003.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-2.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-4.GA_redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-annotations@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-core@2.12.7-2.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-databind@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-base@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-jaxrs-json-provider@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-module-jaxb-annotations@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-base@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jdk8@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-datatype-jsr310@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jackson-modules-java8@2.12.7-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-4.GA_redhat_00003.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src"
},
"product_reference": "eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src"
},
"product_reference": "eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src"
},
"product_reference": "eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src"
},
"product_reference": "eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T17:07:33+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11473"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el7eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el8eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-annotations-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-core-0:2.12.7-2.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-databind-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jdk8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-datatype-jsr310-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-json-provider-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-jaxrs-providers-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-module-jaxb-annotations-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-base-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jackson-modules-java8-0:2.12.7-2.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-4.GA_redhat_00003.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-4.GA_redhat_00003.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:11474
Vulnerability from csaf_redhat - Published: 2025-07-21 16:58 - Updated: 2026-06-01 22:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.
Security Fix(es):
* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 7
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:7.4
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11474",
"url": "https://access.redhat.com/errata/RHSA-2025:11474"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11474.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 security update",
"tracking": {
"current_release_date": "2026-06-01T22:08:09+00:00",
"generator": {
"date": "2026-06-01T22:08:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:11474",
"initial_release_date": "2025-07-21T16:58:36+00:00",
"revision_history": [
{
"date": "2025-07-21T16:58:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-23T22:30:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-01T22:08:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7",
"product_id": "Red Hat JBoss Enterprise Application Platform 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-21T16:58:36+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11474"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:12280
Vulnerability from csaf_redhat - Published: 2025-07-30 09:55 - Updated: 2026-05-10 14:27Summary
Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Severity
Important
Notes
Topic: An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Core part of Jackson that defines Streaming API as well as basic shared abstractions.
Security Fix(es):
* com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:jackson-annotations-0:2.19.1-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:jackson-core-0:2.19.1-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:jackson-databind-0:2.19.1-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:jackson-modules-base-0:2.19.1-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-annotations-0:2.19.1-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-core-0:2.19.1-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-databind-0:2.19.1-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Core part of Jackson that defines Streaming API as well as basic shared abstractions.\n\nSecurity Fix(es):\n\n* com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:12280",
"url": "https://access.redhat.com/errata/RHSA-2025:12280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12280.json"
}
],
"title": "Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update",
"tracking": {
"current_release_date": "2026-05-10T14:27:02+00:00",
"generator": {
"date": "2026-05-10T14:27:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:12280",
"initial_release_date": "2025-07-30T09:55:57+00:00",
"revision_history": [
{
"date": "2025-07-30T09:55:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-30T09:55:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:27:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-1.el9_6.src",
"product": {
"name": "jackson-core-0:2.19.1-1.el9_6.src",
"product_id": "jackson-core-0:2.19.1-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-1.el9_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-1.el9_6.src",
"product": {
"name": "jackson-annotations-0:2.19.1-1.el9_6.src",
"product_id": "jackson-annotations-0:2.19.1-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-1.el9_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.el9_6.src",
"product": {
"name": "jackson-databind-0:2.19.1-1.el9_6.src",
"product_id": "jackson-databind-0:2.19.1-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.el9_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.el9_6.src",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.el9_6.src",
"product_id": "jackson-modules-base-0:2.19.1-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.el9_6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"product": {
"name": "pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"product_id": "pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-core@2.19.1-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"product": {
"name": "pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"product_id": "pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-annotations@2.19.1-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"product": {
"name": "pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"product_id": "pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-databind@2.19.1-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch",
"product": {
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch",
"product_id": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-module-jaxb-annotations@2.19.1-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"product": {
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"product_id": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-jaxrs-json-provider@2.19.1-1.el9_6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"product": {
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"product_id": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-jaxrs-providers@2.19.1-1.el9_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:jackson-annotations-0:2.19.1-1.el9_6.src"
},
"product_reference": "jackson-annotations-0:2.19.1-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:jackson-core-0:2.19.1-1.el9_6.src"
},
"product_reference": "jackson-core-0:2.19.1-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:jackson-databind-0:2.19.1-1.el9_6.src"
},
"product_reference": "jackson-databind-0:2.19.1-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_6.src"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:jackson-modules-base-0:2.19.1-1.el9_6.src"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-annotations-0:2.19.1-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-annotations-0:2.19.1-1.el9_6.noarch"
},
"product_reference": "pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-core-0:2.19.1-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-core-0:2.19.1-1.el9_6.noarch"
},
"product_reference": "pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-databind-0:2.19.1-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-databind-0:2.19.1-1.el9_6.noarch"
},
"product_reference": "pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch"
},
"product_reference": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch"
},
"product_reference": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch"
},
"product_reference": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:jackson-annotations-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-core-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-databind-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-modules-base-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-30T09:55:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:jackson-annotations-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-core-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-databind-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-modules-base-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12280"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:jackson-annotations-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-core-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-databind-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-modules-base-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:jackson-annotations-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-core-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-databind-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:jackson-modules-base-0:2.19.1-1.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-annotations-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-core-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-databind-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_6.noarch",
"AppStream-9.6.0.Z.MAIN.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:12281
Vulnerability from csaf_redhat - Published: 2025-07-30 09:53 - Updated: 2026-05-10 14:27Summary
Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Severity
Important
Notes
Topic: An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Core part of Jackson that defines Streaming API as well as basic shared abstractions.
Security Fix(es):
* com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:jackson-annotations-0:2.19.1-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:jackson-core-0:2.19.1-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:jackson-databind-0:2.19.1-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:jackson-modules-base-0:2.19.1-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:pki-jackson-annotations-0:2.19.1-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:pki-jackson-core-0:2.19.1-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:pki-jackson-databind-0:2.19.1-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Core part of Jackson that defines Streaming API as well as basic shared abstractions.\n\nSecurity Fix(es):\n\n* com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:12281",
"url": "https://access.redhat.com/errata/RHSA-2025:12281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12281.json"
}
],
"title": "Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update",
"tracking": {
"current_release_date": "2026-05-10T14:27:03+00:00",
"generator": {
"date": "2026-05-10T14:27:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:12281",
"initial_release_date": "2025-07-30T09:53:38+00:00",
"revision_history": [
{
"date": "2025-07-30T09:53:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-30T09:53:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:27:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-1.el9_4.src",
"product": {
"name": "jackson-core-0:2.19.1-1.el9_4.src",
"product_id": "jackson-core-0:2.19.1-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-1.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.el9_4.src",
"product": {
"name": "jackson-databind-0:2.19.1-1.el9_4.src",
"product_id": "jackson-databind-0:2.19.1-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-1.el9_4.src",
"product": {
"name": "jackson-annotations-0:2.19.1-1.el9_4.src",
"product_id": "jackson-annotations-0:2.19.1-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-1.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.el9_4.src",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.el9_4.src",
"product_id": "jackson-modules-base-0:2.19.1-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"product": {
"name": "pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"product_id": "pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-core@2.19.1-1.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"product": {
"name": "pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"product_id": "pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-databind@2.19.1-1.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"product": {
"name": "pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"product_id": "pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-annotations@2.19.1-1.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch",
"product": {
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch",
"product_id": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-module-jaxb-annotations@2.19.1-1.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"product": {
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"product_id": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-jaxrs-json-provider@2.19.1-1.el9_4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"product": {
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"product_id": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-jaxrs-providers@2.19.1-1.el9_4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:jackson-annotations-0:2.19.1-1.el9_4.src"
},
"product_reference": "jackson-annotations-0:2.19.1-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:jackson-core-0:2.19.1-1.el9_4.src"
},
"product_reference": "jackson-core-0:2.19.1-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:jackson-databind-0:2.19.1-1.el9_4.src"
},
"product_reference": "jackson-databind-0:2.19.1-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_4.src"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:jackson-modules-base-0:2.19.1-1.el9_4.src"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-annotations-0:2.19.1-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pki-jackson-annotations-0:2.19.1-1.el9_4.noarch"
},
"product_reference": "pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-core-0:2.19.1-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pki-jackson-core-0:2.19.1-1.el9_4.noarch"
},
"product_reference": "pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-databind-0:2.19.1-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pki-jackson-databind-0:2.19.1-1.el9_4.noarch"
},
"product_reference": "pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch"
},
"product_reference": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch"
},
"product_reference": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch"
},
"product_reference": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:jackson-annotations-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-core-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-databind-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-modules-base-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-30T09:53:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:jackson-annotations-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-core-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-databind-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-modules-base-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12281"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:jackson-annotations-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-core-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-databind-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-modules-base-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:jackson-annotations-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-core-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-databind-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-jaxrs-providers-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:jackson-modules-base-0:2.19.1-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:pki-jackson-annotations-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-core-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-databind-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_4.noarch",
"AppStream-9.4.0.Z.EUS:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
RHSA-2025:12282
Vulnerability from csaf_redhat - Published: 2025-07-30 09:45 - Updated: 2026-05-10 14:27Summary
Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Severity
Important
Notes
Topic: An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Core part of Jackson that defines Streaming API as well as basic shared abstractions.
Security Fix(es):
* com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.
7.5 (High)
Affected products
Fixed
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:jackson-annotations-0:2.19.1-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:jackson-core-0:2.19.1-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:jackson-databind-0:2.19.1-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:jackson-modules-base-0:2.19.1-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-jackson-annotations-0:2.19.1-1.el9_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-jackson-core-0:2.19.1-1.el9_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-jackson-databind-0:2.19.1-1.el9_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Core part of Jackson that defines Streaming API as well as basic shared abstractions.\n\nSecurity Fix(es):\n\n* com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:12282",
"url": "https://access.redhat.com/errata/RHSA-2025:12282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12282.json"
}
],
"title": "Red Hat Security Advisory: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update",
"tracking": {
"current_release_date": "2026-05-10T14:27:04+00:00",
"generator": {
"date": "2026-05-10T14:27:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:12282",
"initial_release_date": "2025-07-30T09:45:07+00:00",
"revision_history": [
{
"date": "2025-07-30T09:45:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-30T09:45:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:27:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "jackson-core-0:2.19.1-1.el9_2.src",
"product": {
"name": "jackson-core-0:2.19.1-1.el9_2.src",
"product_id": "jackson-core-0:2.19.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-core@2.19.1-1.el9_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-databind-0:2.19.1-1.el9_2.src",
"product": {
"name": "jackson-databind-0:2.19.1-1.el9_2.src",
"product_id": "jackson-databind-0:2.19.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-databind@2.19.1-1.el9_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"product": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"product_id": "jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-jaxrs-providers@2.19.1-1.el9_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-modules-base-0:2.19.1-1.el9_2.src",
"product": {
"name": "jackson-modules-base-0:2.19.1-1.el9_2.src",
"product_id": "jackson-modules-base-0:2.19.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-modules-base@2.19.1-1.el9_2?arch=src"
}
}
},
{
"category": "product_version",
"name": "jackson-annotations-0:2.19.1-1.el9_2.src",
"product": {
"name": "jackson-annotations-0:2.19.1-1.el9_2.src",
"product_id": "jackson-annotations-0:2.19.1-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jackson-annotations@2.19.1-1.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"product": {
"name": "pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"product_id": "pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-core@2.19.1-1.el9_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"product": {
"name": "pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"product_id": "pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-databind@2.19.1-1.el9_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"product": {
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"product_id": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-jaxrs-json-provider@2.19.1-1.el9_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"product": {
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"product_id": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-jaxrs-providers@2.19.1-1.el9_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch",
"product": {
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch",
"product_id": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-module-jaxb-annotations@2.19.1-1.el9_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"product": {
"name": "pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"product_id": "pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pki-jackson-annotations@2.19.1-1.el9_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-0:2.19.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:jackson-annotations-0:2.19.1-1.el9_2.src"
},
"product_reference": "jackson-annotations-0:2.19.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-0:2.19.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:jackson-core-0:2.19.1-1.el9_2.src"
},
"product_reference": "jackson-core-0:2.19.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-0:2.19.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:jackson-databind-0:2.19.1-1.el9_2.src"
},
"product_reference": "jackson-databind-0:2.19.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-jaxrs-providers-0:2.19.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.el9_2.src"
},
"product_reference": "jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-modules-base-0:2.19.1-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:jackson-modules-base-0:2.19.1-1.el9_2.src"
},
"product_reference": "jackson-modules-base-0:2.19.1-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-annotations-0:2.19.1-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-jackson-annotations-0:2.19.1-1.el9_2.noarch"
},
"product_reference": "pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-core-0:2.19.1-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-jackson-core-0:2.19.1-1.el9_2.noarch"
},
"product_reference": "pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-databind-0:2.19.1-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-jackson-databind-0:2.19.1-1.el9_2.noarch"
},
"product_reference": "pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch"
},
"product_reference": "pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch"
},
"product_reference": "pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch"
},
"product_reference": "pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:jackson-annotations-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-core-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-databind-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-modules-base-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-30T09:45:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:jackson-annotations-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-core-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-databind-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-modules-base-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:12282"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:jackson-annotations-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-core-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-databind-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-modules-base-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:jackson-annotations-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-core-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-databind-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-jaxrs-providers-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:jackson-modules-base-0:2.19.1-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:pki-jackson-annotations-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-core-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-databind-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-json-provider-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-jaxrs-providers-0:2.19.1-1.el9_2.noarch",
"AppStream-9.2.0.Z.E4S:pki-jackson-module-jaxb-annotations-0:2.19.1-1.el9_2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…