Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-16118

CVE-2018-7489 : jackson-databind Remote Code Execution (RCE)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Major
    • 7.1.3.GA
    • None
    • Server
    • None

    Description

      jackson-databind is vulnerable to remote code execution (RCE) attacks. Due to an incomplete fix for `CVE-2017-7525`, attackers can still send malicious code through JSON.

      Attachments

        Activity

          People

            bstansbe@redhat.com Brian Stansberry
            tdiesler@redhat.com Thomas Diesler
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: