CVE-2017-7525
jackson-databind is vulnerable to a deserialization flaw
Description
A deserialization flaw was discovered in jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9. It could allow an unauthenticated user to execute code by sending maliciously crafted input to the readValue method of the ObjectMapper.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Score
Severity
Ecosystem
Java
Publish Date
October 16, 2018
Modified Date
March 11, 2024
Score Vector
Affected Versions

