Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 637684 (CVE-2017-7525) - dev-java/ jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
Summary: dev-java/ jackson-databind: Deserialization vulnerability via readValue metho...
Alias: CVE-2017-7525
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: ~2 [ebuild]
Depends on:
Reported: 2017-11-16 14:59 UTC by Francis Booth
Modified: 2018-09-08 08:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Francis Booth 2017-11-16 14:59:30 UTC
A deserialization flaw in jackson-databind was found allowing code execution when given maliocusly crafted input to readValue method of ObjectMapper.

~ eleix (Security Padawan)
Comment 1 D'juan McDonald (domhnall) 2018-09-08 01:09:53 UTC
Fixed in version(s) >=2.8.10, 2.9.1
Comment 2 D'juan McDonald (domhnall) 2018-09-08 02:54:18 UTC
Superseded by: bug 648952