1. jackson-core Async Parser Bypasses Number Length Constraint, Raising DoS Risk
A vulnerability in the non-blocking JSON parser of jackson-core allows input with arbitrarily long numbers to bypass the `maxNumberLength` constraint enforced by `StreamReadConstraints`. The standard synchronous parser correctly applies this limit, which defaults to 1000 characters, but the async parsing path fails to ...
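
An added example, not code from the advisory or the jackson-core project: a Java 11+ check that feeds one constructed over-limit number to both the synchronous and the non-blocking parser and reports whether each path rejects it while tokenizing. The class name, helper names and sample document are assumptions made for illustration; it needs a jackson-core release that ships `StreamReadConstraints` (2.15 or later) on the classpath.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.async.ByteArrayFeeder;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class NumberLengthConstraintCheck {   // hypothetical class name
    // Constructed sample: a JSON object whose integer value has `digits` digits.
    static String oversizedNumberDoc(int digits) {
        return "{\"n\":" + "1".repeat(digits) + "}";
    }

    // Drains the parser. Returns true if a stream constraint stopped it,
    // false if it tokenized the whole document without complaint.
    static boolean rejects(JsonParser p) throws IOException {
        try (p) {
            JsonToken t;
            while ((t = p.nextToken()) != null && t != JsonToken.NOT_AVAILABLE) { }
            return false;
        } catch (StreamConstraintsException e) {
            return true;
        }
    }

    public static void main(String[] args) throws IOException {
        int limit = 1000; // the default the text cites, set explicitly here
        JsonFactory factory = JsonFactory.builder()
                .streamReadConstraints(
                        StreamReadConstraints.builder().maxNumberLength(limit).build())
                .build();
        String doc = oversizedNumberDoc(limit + 1);

        // Synchronous path
        boolean syncRejects = rejects(factory.createParser(doc));

        // Non-blocking path: feed the same bytes, then signal end of input
        JsonParser async = factory.createNonBlockingByteArrayParser();
        ByteArrayFeeder feeder = (ByteArrayFeeder) async.getNonBlockingInputFeeder();
        byte[] bytes = doc.getBytes(StandardCharsets.UTF_8);
        feeder.feedInput(bytes, 0, bytes.length);
        feeder.endOfInput();
        boolean asyncRejects = rejects(async);

        System.out.println("sync parser enforces maxNumberLength:  " + syncRejects);
        System.out.println("async parser enforces maxNumberLength: " + asyncRejects);
        if (!asyncRejects) System.exit(1); // async path accepted an over-limit number
    }
}
```

Run it in CI against the jackson-core version you ship; a non-zero exit means the non-blocking path accepted a number longer than the configured limit.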