VDB

GCVE-110-MAGEIA-2018-138

GCVE-110-MAGEIA-2018-138
Advisory Published
Vulnetix · Advisory published February 24, 2018
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper (CVE-2017-17485). A flaw was found in FasterXML jackson-databind which allows unauthenticated remote code execution due deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist (CVE-2018-5968).

Affected Products

VendorProductVersionsPlatforms
Mageiajackson-databind0 (affected), 2.7.6-1.3.mga6 (unaffected), 0 (affected), 2.7.6-1.3.mga6 (unaffected)
Mageiakajongg0 (affected), 17.12.2-1.1.mga6 (unaffected)

Browse GCVE Records

73,442 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›