
Bug 637684 (CVE-2017-7525)

Summary: dev-java/jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
Product: Gentoo Security
Reporter: Francis Booth <boothf>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE
Severity: normal
CC: java
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/FasterXML/jackson-databind/issues/1723
Whiteboard: ~2 [ebuild]
Package list:
Runtime testing required: ---

Description Francis Booth 2017-11-16 14:59:30 UTC
A deserialization flaw in jackson-databind was found allowing code execution when given maliciously crafted input to the readValue method of ObjectMapper.



~ eleix (Security Padawan)
Comment 1 D'juan McDonald (domhnall) 2018-09-08 01:09:53 UTC
Fixed in version(s) >=2.8.10, 2.9.1

https://github.com/FasterXML/jackson-databind/issues/1847
Comment 2 D'juan McDonald (domhnall) 2018-09-08 02:54:18 UTC
Superseded by: bug 648952