FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
History

Fri, 23 Aug 2024 05:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-22T04:00:00

Updated: 2024-08-05T05:47:56.169Z

Reserved: 2018-01-21T00:00:00

Link: CVE-2018-5968

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-22T04:29:00.327

Modified: 2024-11-21T04:09:46.533

Link: CVE-2018-5968

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-01-18T00:00:00Z

Links: CVE-2018-5968 - Bugzilla