Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2018-0138
HistoryFeb 25, 2018 - 2:25 a.m.

Updated jackson-databind packages fix security vulnerability

2018-02-2502:25:24
Gentoo Foundation
advisories.mageia.org
16

0.14 Low

EPSS

Percentile

95.7%

JSON

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper (CVE-2017-17485). A flaw was found in FasterXML jackson-databind which allows unauthenticated remote code execution due deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist (CVE-2018-5968).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchjackson-databind< 2.7.6-1.3jackson-databind-2.7.6-1.3.mga6

Related

nessus 12
openvas 4
osv 6
debian 2
debiancve 2
cvelist 3
github 3
cve 3
ibm 22
ubuntucve 2
redhatcve 3
veracode 3
prion 3
fedora 2
seebug 1
redhat 18
checkpoint_advisories 1
hp 1
oracle 1
nessus
nessus
Debian DSA-4114-1 : jackson-databind - security update
2018-02-16 00:00:00
RHEL 7 : rh-eclipse46-jackson-databind (RHSA-2018:0116)
2018-04-30 00:00:00
RHEL 7 : rhvm-appliance (RHSA-2018:1525)
2018-05-18 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4114-1)
2018-02-14 00:00:00
Mageia: Security Advisory (MGASA-2018-0138)
2022-01-28 00:00:00
Fedora Update for jackson-databind FEDORA-2018-bbf8c38b51
2018-02-08 00:00:00
osv
osv
jackson-databind - security update
2018-02-15 00:00:00
Deserialization of Untrusted Data in jackson-databind
2020-06-30 20:40:50
CVE-2018-5968
2018-01-22 04:29:00
debian
debian
[SECURITY] [DSA 4114-1] jackson-databind security update
2018-02-15 07:04:58
[SECURITY] [DSA 4114-1] jackson-databind security update
2018-02-15 07:05:23
debiancve
debiancve
CVE-2018-5968
2018-01-22 04:29:00
CVE-2017-17485
2018-01-10 18:29:00
cvelist
cvelist
CVE-2018-5968
2018-01-22 04:00:00
CVE-2017-17485
2018-01-10 18:00:00
CVE-2019-10202
2019-10-01 14:22:30
github
github
Deserialization of Untrusted Data in jackson-databind
2020-06-30 20:40:50
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
2018-10-18 17:42:48
Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl
2022-05-24 16:57:28
cve
cve
CVE-2018-5968
2018-01-22 04:29:00
CVE-2017-17485
2018-01-10 18:29:00
CVE-2019-10202
2019-10-01 15:15:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server
2018-07-12 00:16:00
Security Bulletin: Multiple vulnerabilities has been identified in Jackson JSON library shipped with IBM Tivoli Netcool/OMNIbus Integrations Transport Module Common Integration Library (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
2018-06-17 15:51:29
Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)
2023-01-03 15:55:34
ubuntucve
ubuntucve
CVE-2018-5968
2018-01-22 00:00:00
CVE-2017-17485
2018-01-10 00:00:00
redhatcve
redhatcve
CVE-2018-5968
2020-04-09 12:20:28
CVE-2019-10202
2019-10-12 02:27:16
CVE-2017-17485
2020-04-09 07:26:09
veracode
veracode
Remote Code Execution (RCE)
2018-01-22 07:53:13
Remote Code Execution (RCE)
2019-01-15 09:20:28
Remote Code Execution (RCE)
2018-01-11 02:20:08
prion
prion
Remote code execution
2018-01-22 04:29:00
Design/Logic Flaw
2018-01-10 18:29:00
Deserialization of untrusted data
2019-10-01 15:15:00
fedora
fedora
[SECURITY] Fedora 26 Update: jackson-databind-2.7.6-8.fc26
2018-02-07 13:00:23
[SECURITY] Fedora 27 Update: jackson-databind-2.7.6-8.fc27
2018-02-07 13:18:19
seebug
seebug
Jackson-databind 远程代码执行漏洞(CVE-2017-17485)
2018-01-11 00:00:00
redhat
redhat
(RHSA-2018:1525) Important: rhvm-appliance security and enhancement update
2018-05-15 18:44:54
(RHSA-2018:0479) Important: JBoss Enterprise Application Platform 7.1.1 on RHEL 6
2018-03-12 16:34:40
(RHSA-2018:0342) Important: rh-maven35-jackson-databind security update
2018-02-22 08:56:45
checkpoint_advisories
checkpoint_advisories
Apache Struts2 Jackson Library Remote Code Execution (CVE-2017-15095; CVE-2017-17485; CVE-2017-7525; CVE-2018-7489)
2017-12-05 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

0.14 Low

EPSS

Percentile

95.7%

JSON
Related for MGASA-2018-0138
nessus12openvas4osv6debian2debiancve2cvelist3github3cve3ibm22ubuntucve2redhatcve3veracode3prion3fedora2seebug1redhat18checkpoint_advisories1hp1oracle1