A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-02-06 15:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-7525
Mitre link : CVE-2017-7525
CVE.ORG link : CVE-2017-7525
JSON object : View
Products Affected
oracle
- communications_diameter_signaling_route
- global_lifecycle_management_opatchauto
- primavera_unifier
- utilities_advanced_spatial_and_operational_analytics
- communications_communications_policy_management
- banking_platform
- financial_services_analytical_applications_infrastructure
- webcenter_portal
- communications_billing_and_revenue_management
- communications_instant_messaging_server
- enterprise_manager_for_virtualization
redhat
- openshift_container_platform
- enterprise_linux_server
- virtualization_host
- virtualization
- jboss_enterprise_application_platform
fasterxml
- jackson-databind
netapp
- snapcenter
- oncommand_balance
- oncommand_performance_manager
- oncommand_shift
debian
- debian_linux