CVE-2017-17485 -- libjackson2-databind-javaID: oval:org.secpod.oval:def:1901058 | Date: (C)2019-03-04 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
FasterXML libjackson2-databind-java through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |
Product: |
libjackson2-databind-java |