A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-04-11T00:00:00
Updated: 2021-09-27T17:06:10
Reserved: 2017-04-05T00:00:00
Link: CVE-2017-7525
JSON object: View
NVD Information
Status : Modified
Published: 2018-02-06T15:29:00.297
Modified: 2023-11-07T02:50:11.807
Link: CVE-2017-7525
JSON object: View
Redhat Information
No data.