CVE-2017-7525

CVE-2017-7525

EPSS 37.9%CWE-184

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Affected products

FasterXML · jackson-databind

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2017:1834 https://access.redhat.com/errata/RHSA-2017:1835 https://access.redhat.com/errata/RHSA-2017:1836 https://access.redhat.com/errata/RHSA-2017:1837 https://access.redhat.com/errata/RHSA-2017:1839 https://access.redhat.com/errata/RHSA-2017:1840 https://access.redhat.com/errata/RHSA-2017:2477 https://access.redhat.com/errata/RHSA-2017:2546 https://access.redhat.com/errata/RHSA-2017:2547 https://access.redhat.com/errata/RHSA-2017:2633 https://access.redhat.com/errata/RHSA-2017:2635 https://access.redhat.com/errata/RHSA-2017:2636