A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
21 Nov 2024, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/103880 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1039769 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/errata/RHSA-2017:3189 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2017:3190 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0342 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0478 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0479 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0480 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0481 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0576 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:0577 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:1447 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:1448 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:1449 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:1450 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:1451 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2018:2927 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:2858 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:3149 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:3892 - Third Party Advisory | |
References | () https://github.com/FasterXML/jackson-databind/issues/1680 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/FasterXML/jackson-databind/issues/1737 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E - | |
References | () https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html - Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20171214-0003/ - Third Party Advisory | |
References | () https://www.debian.org/security/2017/dsa-4037 - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | () https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - Patch, Third Party Advisory |
07 Nov 2023, 02:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-02-06 15:29
Updated : 2024-11-21 03:14
NVD link : CVE-2017-15095
Mitre link : CVE-2017-15095
CVE.ORG link : CVE-2017-15095
JSON object : View
Products Affected
oracle
- financial_services_analytical_applications_infrastructure
- communications_instant_messaging_server
- identity_manager
- banking_platform
- primavera_unifier
- communications_billing_and_revenue_management
- global_lifecycle_management_opatchauto
- enterprise_manager_for_virtualization
- clusterware
- communications_diameter_signaling_router
- database_server
- webcenter_portal
- utilities_advanced_spatial_and_operational_analytics
- jd_edwards_enterpriseone_tools
redhat
- satellite_capsule
- jboss_enterprise_application_platform
- openshift_container_platform
- enterprise_linux
- satellite
netapp
- oncommand_shift
- snapcenter
- oncommand_performance_manager
- oncommand_balance
fasterxml
- jackson-databind
debian
- debian_linux