CVE-2017-7525

UNKNOWN

Published 2018-02-06T15:00:00Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2017-7525. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

FasterXML

jackson-databind

Affected Versions:

before 2.6.7.1 before 2.7.9.1 before 2.8.9

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

jackson-databind is vulnerable to a deserialization flaw

GHSA-qxxx-2pp7-5hmx

Advisory Details

Affected Packages

Maven com.fasterxml.jackson.core:jackson-databind

ECOSYSTEM: ≥0 <2.6.7.1

Maven com.fasterxml.jackson.core:jackson-databind

ECOSYSTEM: ≥2.7.0 <2.7.9.1

Maven com.fasterxml.jackson.core:jackson-databind

ECOSYSTEM: ≥2.8.0 <2.8.9

CVSS Scoring

CVSS Score

9.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-7525

WEB https://github.com/FasterXML/jackson-databind/issues/1723

WEB https://github.com/FasterXML/jackson-databind/issues/1599

WEB https://github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da

WEB https://github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162

WEB https://github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38

WEB https://github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1

WEB https://github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef

WEB https://github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1

WEB https://github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415

ADVISORY https://github.com/advisories/GHSA-qxxx-2pp7-5hmx

WEB https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E

WEB https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E

WEB https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E

WEB https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

WEB https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

WEB https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E

WEB https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

WEB https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

WEB https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

WEB https://www.oracle.com/security-alerts/cpuoct2020.html

WEB https://www.debian.org/security/2017/dsa-4004

WEB https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

WEB https://security.netapp.com/advisory/ntap-20171214-0002

WEB https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html

WEB https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html

WEB https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E

WEB https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E

WEB https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E

WEB https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E

WEB https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E

WEB https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E

WEB https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E

WEB https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E

WEB https://access.redhat.com/errata/RHSA-2017:1834

WEB https://access.redhat.com/errata/RHSA-2017:1835

WEB https://access.redhat.com/errata/RHSA-2017:1836

WEB https://access.redhat.com/errata/RHSA-2017:1837

WEB https://access.redhat.com/errata/RHSA-2017:1839

WEB https://access.redhat.com/errata/RHSA-2017:1840

WEB https://access.redhat.com/errata/RHSA-2017:2477

WEB https://access.redhat.com/errata/RHSA-2017:2546

WEB https://access.redhat.com/errata/RHSA-2017:2547

WEB https://access.redhat.com/errata/RHSA-2017:2633

WEB https://access.redhat.com/errata/RHSA-2017:2635

WEB https://access.redhat.com/errata/RHSA-2017:2636

WEB https://access.redhat.com/errata/RHSA-2017:2637

WEB https://access.redhat.com/errata/RHSA-2017:2638

WEB https://access.redhat.com/errata/RHSA-2017:3141

WEB https://access.redhat.com/errata/RHSA-2017:3454

WEB https://access.redhat.com/errata/RHSA-2017:3455

WEB https://access.redhat.com/errata/RHSA-2017:3456

WEB https://access.redhat.com/errata/RHSA-2017:3458

WEB https://access.redhat.com/errata/RHSA-2018:0294

WEB https://access.redhat.com/errata/RHSA-2018:0342

WEB https://access.redhat.com/errata/RHSA-2018:1449

WEB https://access.redhat.com/errata/RHSA-2018:1450

WEB https://access.redhat.com/errata/RHSA-2019:0910

WEB https://access.redhat.com/errata/RHSA-2019:2858

WEB https://access.redhat.com/errata/RHSA-2019:3149

WEB https://bugzilla.redhat.com/show_bug.cgi?id=1462702

WEB https://cwiki.apache.org/confluence/display/WW/S2-055

PACKAGE https://github.com/FasterXML/jackson-databind

WEB http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

WEB http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

WEB http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Advisory provided by GitHub Security Advisory Database. Published: October 16, 2018, Modified: March 1, 2024

References

http://www.securitytracker.com/id/1040360

https://access.redhat.com/errata/RHSA-2017:1840

https://access.redhat.com/errata/RHSA-2017:2547

https://access.redhat.com/errata/RHSA-2017:1836

https://access.redhat.com/errata/RHSA-2017:1835

https://access.redhat.com/errata/RHSA-2018:1449

http://www.securitytracker.com/id/1039744

http://www.securitytracker.com/id/1039947

https://access.redhat.com/errata/RHSA-2017:2635

https://access.redhat.com/errata/RHSA-2017:2638

https://access.redhat.com/errata/RHSA-2018:1450

https://access.redhat.com/errata/RHSA-2017:3458

https://access.redhat.com/errata/RHSA-2018:0294

https://access.redhat.com/errata/RHSA-2017:1837

https://access.redhat.com/errata/RHSA-2017:1834

https://access.redhat.com/errata/RHSA-2017:2546

https://access.redhat.com/errata/RHSA-2017:2636

https://access.redhat.com/errata/RHSA-2017:3455

https://access.redhat.com/errata/RHSA-2017:2477

https://access.redhat.com/errata/RHSA-2017:3456

https://access.redhat.com/errata/RHSA-2018:0342

https://access.redhat.com/errata/RHSA-2017:1839

http://www.securityfocus.com/bid/99623

https://access.redhat.com/errata/RHSA-2017:2637

https://access.redhat.com/errata/RHSA-2017:3454

https://www.debian.org/security/2017/dsa-4004

https://access.redhat.com/errata/RHSA-2017:3141

https://access.redhat.com/errata/RHSA-2017:2633

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

https://lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E

https://lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E

https://access.redhat.com/errata/RHSA-2019:0910

https://access.redhat.com/errata/RHSA-2019:2858

https://access.redhat.com/errata/RHSA-2019:3149

https://lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

https://lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E

https://lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E

https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://lists.debian.org/debian-lts-announce/2020/08/msg00039.html

https://www.oracle.com/security-alerts/cpuoct2020.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us

https://github.com/FasterXML/jackson-databind/issues/1723

https://github.com/FasterXML/jackson-databind/issues/1599

https://bugzilla.redhat.com/show_bug.cgi?id=1462702

https://security.netapp.com/advisory/ntap-20171214-0002/

https://cwiki.apache.org/confluence/display/WW/S2-055

https://lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E

https://lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E

https://lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E

Published: 2018-02-06T15:00:00Z

Last Modified: 2024-09-17T02:21:29.302Z

Copied to clipboard!

CVE-2017-7525

Expert Analysis

Description

Available Exploits

Related News

Affected Products

jackson-databind

Affected Versions:

GitHub Security Advisories

jackson-databind is vulnerable to a deserialization flaw

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!