← voltar
CVE-2018-7489

CVE-2018-7489

EPSS 20.5%
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2018:1447https://access.redhat.com/errata/RHSA-2018:1448https://access.redhat.com/errata/RHSA-2018:1449https://access.redhat.com/errata/RHSA-2018:1450https://access.redhat.com/errata/RHSA-2018:1451https://access.redhat.com/errata/RHSA-2018:1786https://access.redhat.com/errata/RHSA-2018:2088https://access.redhat.com/errata/RHSA-2018:2089https://access.redhat.com/errata/RHSA-2018:2090https://access.redhat.com/errata/RHSA-2018:2938https://access.redhat.com/errata/RHSA-2018:2939https://access.redhat.com/errata/RHSA-2019:2858