Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2017-17485
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-10 Jan, 2018 | 18:00
Updated At-01 May, 2025 | 03:55
Rejected At-
▼CVE Numbering Authority (CNA)

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:1448
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0479
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0481
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1451
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0116
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0342
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/archive/1/541652/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://access.redhat.com/errata/RHSA-2018:0480
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1447
vendor-advisory
x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4114
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0478
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2930
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1782
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1797
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3892
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20180201-0003/
x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1855
x_refsource_CONFIRM
https://github.com/irsl/jackson-rce-via-spel/
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:1448
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:0479
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:0481
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1449
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1450
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1451
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:0116
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:0342
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/archive/1/541652/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://access.redhat.com/errata/RHSA-2018:0480
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:1447
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.debian.org/security/2018/dsa-4114
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://access.redhat.com/errata/RHSA-2018:0478
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2018:2930
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:1782
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:1797
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:2858
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:3149
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2019:3892
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20180201-0003/
x_refsource_CONFIRM
x_transferred
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us
x_refsource_CONFIRM
x_transferred
https://github.com/FasterXML/jackson-databind/issues/1855
x_refsource_CONFIRM
x_transferred
https://github.com/irsl/jackson-rce-via-spel/
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found