Lucene search

PRIOn knowledge basePRION:CVE-2017-7525

HistoryFeb 06, 2018 - 3:29 p.m.

Deserialization of untrusted data

2018-02-0615:29:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

High

0.571 Medium

EPSS

Percentile

97.7%

JSON

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq9.0
jackson-databindlt2.6.7.1
jackson-databindge2.8.0
jackson-databindlt2.8.9
jackson-databindge2.7.0
jackson-databindlt2.7.9.1
jackson-databindeq2.9.0 prerelease1
jackson-databindeq2.9.0 prerelease2
banking_platformeq2.5.0

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	9.0
jackson-databind	lt	2.6.7.1
jackson-databind	ge	2.8.0
jackson-databind	lt	2.8.9
jackson-databind	ge	2.7.0
jackson-databind	lt	2.7.9.1
jackson-databind	eq	2.9.0 prerelease1
jackson-databind	eq	2.9.0 prerelease2
banking_platform	eq	2.5.0

Rows per page:

1-10 of 471

References

www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/99623

www.securitytracker.com/id/1039744

www.securitytracker.com/id/1039947

www.securitytracker.com/id/1040360

access.redhat.com/errata/RHSA-2017:1834

access.redhat.com/errata/RHSA-2017:1835

access.redhat.com/errata/RHSA-2017:1836

access.redhat.com/errata/RHSA-2017:1837

access.redhat.com/errata/RHSA-2017:1839

access.redhat.com/errata/RHSA-2017:1840

access.redhat.com/errata/RHSA-2017:2477

access.redhat.com/errata/RHSA-2017:2546

access.redhat.com/errata/RHSA-2017:2547

access.redhat.com/errata/RHSA-2017:2633

access.redhat.com/errata/RHSA-2017:2635

access.redhat.com/errata/RHSA-2017:2636

access.redhat.com/errata/RHSA-2017:2637

access.redhat.com/errata/RHSA-2017:2638

access.redhat.com/errata/RHSA-2017:3141

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

access.redhat.com/errata/RHSA-2018:0294

access.redhat.com/errata/RHSA-2018:0342

access.redhat.com/errata/RHSA-2018:1449

access.redhat.com/errata/RHSA-2018:1450

access.redhat.com/errata/RHSA-2019:0910

access.redhat.com/errata/RHSA-2019:2858

access.redhat.com/errata/RHSA-2019:3149

bugzilla.redhat.com/show_bug.cgi?id=1462702

cwiki.apache.org/confluence/display/WW/S2-055

github.com/FasterXML/jackson-databind/issues/1599

github.com/FasterXML/jackson-databind/issues/1723

lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E

lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E

lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E

lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E

lists.debian.org/debian-lts-announce/2020/01/msg00037.html

lists.debian.org/debian-lts-announce/2020/08/msg00039.html

security.netapp.com/advisory/ntap-20171214-0002/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

www.debian.org/security/2017/dsa-4004

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html