Red Hat RHSA-2017:1840
Jul 31, 2017 - 4:09 p.m.

(RHSA-2017:1840) Important: devtoolset-4-jackson-databind security update

2017-07-31 16:09:44
access.redhat.com
EPSS: 0.571 (Medium), percentile 97.7%

The jackson-databind package provides general data-binding functionality for Jackson, which works on top of the Jackson core streaming API.

Security Fix(es):

  • A deserialization flaw was discovered in jackson-databind that could allow an unauthenticated user to execute code by sending maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting this issue.