3 matches found
jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisti...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.databand:dbnd-agent (>=0.42.1 <=0.80.6) +5546 more potentially affected by CVE-2017-15095 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.7.9.1)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.2, =0.8.0, =3.3.3, =0.0.1, =0.0.2, =0.0.3 - at.ac.ait.lablink.clients:sync =0.0.1 - at.ac.ait.lablink:core =0.0.1 and more Source cves: CVE-2017-15095 Source advisory:...
al.bluecryst:bluecrystal (>=2.3.0 <=2.3.4), al.bluecryst:bluecrystal.deps.service (>=1.5.6 <=1.16.0) +3843 more potentially affected by CVE-2017-15095 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.10)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =2.5.0-beta.0, =3.5.4-rc.0, =3.5.9, =3.5.9, =3.5.15, =3.5.15, =2.5.0-beta.0, =3.5.21 and more Source cves: CVE-2017-15095 Source advisory: OSV:GHSA-H592-38CM-4GGP...