CVE-2017-7525

CVE-2017-7525

EPSS 37.9%CWE-184

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Produtos afetados

FasterXML · jackson-databind

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHSA-2017:1834 https://access.redhat.com/errata/RHSA-2017:1835 https://access.redhat.com/errata/RHSA-2017:1836 https://access.redhat.com/errata/RHSA-2017:1837 https://access.redhat.com/errata/RHSA-2017:1839 https://access.redhat.com/errata/RHSA-2017:1840 https://access.redhat.com/errata/RHSA-2017:2477 https://access.redhat.com/errata/RHSA-2017:2546 https://access.redhat.com/errata/RHSA-2017:2547 https://access.redhat.com/errata/RHSA-2017:2633 https://access.redhat.com/errata/RHSA-2017:2635 https://access.redhat.com/errata/RHSA-2017:2636