QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-17485

Back to search

CVE-2017-17485

Published: Jan 10, 2018

Modified: Aug 27, 2025

PUBLISHED

Description

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2018:1448
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0479
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0481
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1449
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1450
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1451
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0116
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0342
vendor-advisory
x_refsource_REDHAT
RHSA-2018:0480
vendor-advisory
x_refsource_REDHAT
RHSA-2018:1447
vendor-advisory
x_refsource_REDHAT
DSA-4114
vendor-advisory
x_refsource_DEBIAN
RHSA-2018:0478
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2930
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1782
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1797
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2858
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3149
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3892
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now