Lucene search

K
redhatcveRedhat.comRH:CVE-2017-17485
HistoryApr 09, 2020 - 7:26 a.m.

CVE-2017-17485

2020-04-0907:26:09
redhat.com
access.redhat.com
21

0.571 Medium

EPSS

Percentile

97.7%

A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.