Stack-based Buffer Overflow in com.fasterxml.jackson.core:jackson-core
CVE-2025-52999
Affected packages
- com.fasterxml.jackson.core:jackson-core
- com.fasterxml.jackson.jr:jackson-jr-all
Summary
jackson-core contains the core low-level incremental ("streaming") parser and generator abstractions used by the Jackson Data Processor. In versions prior to 2.15.0-rc1, parsing an input document whose nesting is sufficiently deep can make Jackson throw a `StackOverflowError`. From 2.15.0-rc1, jackson-core enforces a configurable limit on how deep it will traverse an input document (`StreamReadConstraints.maxNestingDepth`), defaulting to an allowable depth of `1000`; when the limit is exceeded it throws a `StreamConstraintsException` instead of exhausting the stack. jackson-databind benefits from the same change because it uses jackson-core to parse JSON input. As a workaround on unfixed versions, avoid parsing input from untrusted sources.
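The following is an added example, not code from the advisory or from the Jackson project, showing what the nesting-depth limit looks like from the caller's side. It assumes jackson-core and jackson-databind 2.15 or later on the classpath; the hostile document is constructed inline (5000 nested arrays). It also includes a token-level depth guard, `parseWithDepthGuard`, which is a hypothetical helper for applications that drive the streaming parser themselves and want a hard fail independent of the factory's constraints.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;

public class NestingDepthDemo {

    // Constructed hostile input: `depth` nested arrays, e.g. "[[[...]]]".
    static String deeplyNested(int depth) {
        StringBuilder sb = new StringBuilder(depth * 2);
        for (int i = 0; i < depth; i++) sb.append('[');
        for (int i = 0; i < depth; i++) sb.append(']');
        return sb.toString();
    }

    // jackson-core 2.15+: the factory carries StreamReadConstraints, and the
    // parser throws StreamConstraintsException once nesting exceeds maxNestingDepth.
    static JsonFactory boundedFactory(int maxDepth) {
        return JsonFactory.builder()
                .streamReadConstraints(StreamReadConstraints.builder()
                        .maxNestingDepth(maxDepth)
                        .build())
                .build();
    }

    // Hypothetical helper: a manual depth check over the streaming token API.
    // Counts START_OBJECT / START_ARRAY against END_* tokens and fails early,
    // regardless of the factory's constraints. Returns the total token count.
    static int parseWithDepthGuard(JsonParser p, int maxDepth) throws IOException {
        int depth = 0, tokens = 0;
        JsonToken t;
        while ((t = p.nextToken()) != null) {
            tokens++;
            if (t == JsonToken.START_OBJECT || t == JsonToken.START_ARRAY) {
                if (++depth > maxDepth) {
                    throw new IOException("nesting depth " + depth + " exceeds " + maxDepth);
                }
            } else if (t == JsonToken.END_OBJECT || t == JsonToken.END_ARRAY) {
                depth--;
            }
        }
        return tokens;
    }

    public static void main(String[] args) throws IOException {
        String hostile = deeplyNested(5000);

        // Streaming parse with a tightened limit of 100 levels.
        try (JsonParser p = boundedFactory(100).createParser(hostile)) {
            while (p.nextToken() != null) { /* consume */ }
        } catch (StreamConstraintsException e) {
            System.out.println("rejected by streaming parser: " + e.getMessage());
        }

        // jackson-databind inherits the limit because ObjectMapper parses via jackson-core.
        ObjectMapper mapper = new ObjectMapper(boundedFactory(100));
        try {
            mapper.readTree(hostile);
        } catch (StreamConstraintsException e) {
            System.out.println("rejected by ObjectMapper: " + e.getMessage());
        }

        // Manual guard: factory allows 1000 levels, but the application stops at 50.
        try (JsonParser p = boundedFactory(1000).createParser(hostile)) {
            parseWithDepthGuard(p, 50);
        } catch (IOException e) {
            System.out.println("rejected by manual guard: " + e.getMessage());
        }
    }
}
```

Lowering `maxNestingDepth` below the default is cheap and is worth doing for any endpoint whose schema is known: legitimate documents rarely nest more than a few dozen levels, and a tight limit bounds the stack consumed by any downstream recursive consumer (tree builders, custom deserializers) that jackson-core's own check cannot see.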
CVSS v3.1 exploitability metrics
- Attack complexity: LOW
- Attack vector: NETWORK
- Privileges required: NONE
- User interaction: NONE
CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). In this advisory the "overflow" is exhaustion of the JVM thread stack by a deeply recursive parse of attacker-supplied input; it surfaces as a `StackOverflowError`, a denial-of-service condition, not as an overwrite of adjacent stack memory.