A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
12 Apr 2022, 16:17
Type | Values Removed | Values Added |
---|---|---|
CPE | ||
References | (MLIST) https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - Patch, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - Patch, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html - Patch, Third Party Advisory |
27 Sep 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Sep 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-02-06 15:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-7525
Mitre link : CVE-2017-7525
CVE.ORG link : CVE-2017-7525
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- virtualization_host
- jboss_enterprise_application_platform
- openshift_container_platform
- virtualization
oracle
- communications_diameter_signaling_route
- banking_platform
- communications_instant_messaging_server
- communications_billing_and_revenue_management
- webcenter_portal
- enterprise_manager_for_virtualization
- global_lifecycle_management_opatchauto
- utilities_advanced_spatial_and_operational_analytics
- communications_communications_policy_management
- primavera_unifier
- financial_services_analytical_applications_infrastructure
netapp
- oncommand_performance_manager
- oncommand_balance
- snapcenter
- oncommand_shift
debian
- debian_linux
fasterxml
- jackson-databind