Components Vulnerabilities Pricing MCP API

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

co.elastic.apm/apm-agent-java 0.1.2 | Vuln… | Sonatype Guide

Get full component data and automated fixes with Sonatype Guide.

Sign up for free

apm-agent-java

0.1.2

apm-agent-java 0.1.2

Latest

co.elastic.apm

PublishedApr 16, 2018•Policy

compliance

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

Severity

Critical (0)

High (8)

Medium (0)

Low (0)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV StatusPublished

8.7CVE-2025-52999

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

PublishedJun 27, 2025

7.5CVE-2023-3635

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

PublishedJul 13, 2023

7.5sonatype-2022-6438

jackson-core - Denial of Service (DoS)

PublishedDec 7, 2022

7.5CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

PublishedOct 3, 2022

7.5CVE-2022-42004

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

PublishedOct 3, 2022

7.5CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

PublishedMar 15, 2022

7.5CVE-2021-0341

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069

PublishedFeb 9, 2021

7.5CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

PublishedOct 16, 2020