VDB

DEBIAN-CVE-2017-7525

DEBIAN-CVE-2017-7525 PUBLISHED CVSS 9.800000190734863 CRITICAL

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Risk Scores

CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:14libjackson-json-java0, 0, 0
Debian:14jackson-databind0, 0, 0
Debian:13libjackson-json-java0, 0, 0
Debian:12jackson-databind0, 0, 0
Debian:11jackson-databind0, 0, 0
Debian:11libjackson-json-java0, 0, 0
Debian:13jackson-databind0, 0, 0
Debian:12libjackson-json-java0, 0, 0

Timeline

  • Feb 6, 2018 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›