FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 05:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7 |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-22T04:00:00
Updated: 2024-08-05T05:47:56.169Z
Reserved: 2018-01-21T00:00:00
Link: CVE-2018-5968
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-22T04:29:00.327
Modified: 2024-11-21T04:09:46.533
Link: CVE-2018-5968
Redhat