Show filters
12 Total Results
Displaying 11-12 of 12
Sort by:
Attacker Value
Unknown
CVE-2017-17485
Disclosure Date: January 10, 2018 (last updated November 26, 2024)
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
0
Attacker Value
Unknown
CVE-2017-7525
Disclosure Date: April 11, 2017 (last updated December 06, 2023)
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
0