Components Vulnerabilities Pricing MCP API

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

com.amazonaws/aws-lambda-java-serializatio… | Sonatype Guide

Get full component data and automated fixes with Sonatype Guide.

Sign up for free

aws-lambda-java-serialization

1.1.2

aws-lambda-java-serialization 1.1.2

com.amazonaws

PublishedMar 13, 2023•Policy

compliance

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

Severity

Critical (0)

High (3)

Medium (1)

Low (0)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV StatusPublished

8.7CVE-2025-52999

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.

PublishedJun 27, 2025

6.9sonatype-2025-000535

github.com/sigstore/sigstore-java (gson) - Stack-based Buffer Overflow [CVE-2025-53864]

7.5CVE-2023-5072

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

PublishedOct 13, 2023

7.5sonatype-2022-6438

jackson-core - Denial of Service (DoS)

PublishedDec 7, 2022

Feb 13, 2025