Rohan-Repos

**Name of the Vulnerable Software and Affected Versions** jackson-core versions 3.0.0 through 3.0.x **Description** jackson-core contains core low-level incremental ("streaming") parser and generator abstractions. The `UTF8DataInputJsonParser` and `ReaderBasedJsonParser` bypass the `maxNestingDepth` constraint defined in `StreamReadConstraints`. This allows a user to supply a JSON document with excessive nesting, which can cause a `StackOverflowError` when the structure is processed, leading to a Denial of Service (DoS). The `maxNestingDepth` constraint has a default value of 500. The issue was addressed by adding a check that throws a `StreamConstraintsException` if the limit is reached. **Recommendations** jackson-core versions 3.0.0 through 3.0.x should be upgraded to version 3.1.0 or later.