According to this notice:

FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.

Notes
It doesn't look like we use StreamReadConstraints. Probably a false positive.

[INFO] |  +- info.magnolia.webhooks:magnolia-webhooks-core:jar:1.0.2:compile
[INFO] |  |  +- org.antlr:antlr4-runtime:jar:4.9.2:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-core:jar:2.13.5:compile

—
The issue looks indeed like a false positive:

• the daily CVE check based on https://nvd.nist.gov/ used by Magnolia hasn't reported jackson-core 2.13.5 as vulnerable so far
• there is no such vulnerable class com/fasterxml/jackson/core/StreamReadConstraints.java in the branch used by Magnolia, as the class was introduced in a later version (2.15)