A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
No history.
Information
Published : 2018-02-06 15:29
Updated : 2024-11-21 03:32
NVD link : CVE-2017-7525
Mitre link : CVE-2017-7525
CVE.ORG link : CVE-2017-7525
JSON object : View
Products Affected
redhat
- virtualization_host
- jboss_enterprise_application_platform
- enterprise_linux_server
- openshift_container_platform
- virtualization
netapp
- oncommand_shift
- oncommand_performance_manager
- oncommand_balance
- snapcenter
oracle
- communications_communications_policy_management
- communications_diameter_signaling_route
- enterprise_manager_for_virtualization
- utilities_advanced_spatial_and_operational_analytics
- financial_services_analytical_applications_infrastructure
- banking_platform
- communications_instant_messaging_server
- primavera_unifier
- global_lifecycle_management_opatchauto
- webcenter_portal
- communications_billing_and_revenue_management
debian
- debian_linux
fasterxml
- jackson-databind