Describe the bug
Xray reports CVE-2025-52999 against com.fasterxml.jackson.core:jackson-core. This CVE affects versions < 2.15.0. Our installed version is 2.21.3, which is far above the fix threshold.
To Reproduce
Scan software containing jackson-core 2.21.3 with Xray and see CVE-2025-52999 reported. This CVE impacts jackson-core < 2.15.0 only.
Expected behavior
CVE-2025-52999 should not be reported for jackson-core >= 2.15.0.
Versions
- Package: com.fasterxml.jackson.core:jackson-core:2.21.3
- Vulnerable range per NVD: < 2.15.0
- Fix version: 2.15.0
Additional context
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52999