Back to search
CVE-2017-15095
Published: Feb 6, 2018
Modified: Sep 16, 2024
PUBLISHED
Description
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
| Vendor | Product | Versions |
|---|---|---|
FasterXML | jackson-databind | affected before 2.8.10affected before 2.9.1 |
Weaknesses (CWE)
References
RHSA-2018:1448
vendor-advisory
x_refsource_REDHAT
103880
vdb-entry
x_refsource_BID
RHSA-2018:0479
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0481
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1449
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1450
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0577
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0576
vendor-advisory
x_refsource_REDHAT
RHSA-2017:3190
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1451
vendor-advisory
x_refsource_REDHAT
RHSA-2017:3189
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2927
vendor-advisory
x_refsource_REDHAT
1039769
vdb-entry
x_refsource_SECTRACK
RHSA-2018:0342
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0480
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1447
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0478
vendor-advisory
x_refsource_REDHAT
DSA-4037
vendor-advisory
x_refsource_DEBIAN
RHSA-2019:2858
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3149
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3892
vendor-advisory
x_refsource_REDHAT
[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update
mailing-list
x_refsource_MLIST
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20171214-0003/
x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1737
x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1680
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now