Vulnerability in the Jackson JSON library
| | |
| :------------ | :------------ |
| Who should read this | All Struts 2 developers and users who are using the REST plugin |
| Impact of vulnerability | Not clear, please read the linked issue for more details. https://github.com/FasterXML/jackson-databind/issues/1599 |
| Maximum security rating | Medium |
| Recommendation | Upgrade to Struts 126.96.36.199 |
| Affected Software | Struts 2.5 - Struts 2.5.14 |
| Reporter | David Dillard <david dot dillard at veritas dot com> - Veritas Technologies Product Security Group |
| CVE Identifier | CVE-2017-7525 |
A vulnerability was detected in the latest Jackson JSON library, which was reported here. Upgrade com.fasterxml.jackson to version 2.9.2 to address CVE-2017-7525.
Upgrade to Apache Struts version 188.8.131.52. Alternatively, manually upgrade the Jackson dependencies in your project to non-vulnerable versions; see this comment.
No backward incompatibility issues are expected.
Upgrade the Jackson JSON library to the latest version.
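To confirm that a deployed application actually picked up the upgraded Jackson jars, the following added example (not part of the original bulletin) audits a `WEB-INF/lib` listing against the 2.9.2 version recommended above. The jar names are a constructed sample, and the check assumes standard Maven `artifact-version.jar` file naming.

```python
import re

# Minimum Jackson version recommended by this bulletin, zero-padded to 4 parts.
FLOOR = (2, 9, 2, 0)

# jackson-<module>-<version>[qualifier].jar, e.g. jackson-databind-2.8.2.jar
JAR_RE = re.compile(
    r"^(jackson-[a-z0-9-]+?)-(\d+(?:\.\d+)*)([.-][A-Za-z][\w.]*)?\.jar$"
)


def parse_version(text, width=4):
    """'2.9.10' -> (2, 9, 10, 0): numeric and zero-padded, so 2.9.10 > 2.9.2."""
    parts = [int(p) for p in text.split(".")][:width]
    return tuple(parts + [0] * (width - len(parts)))


def audit_jars(names):
    """Return sorted (jar, reason) pairs for Jackson 2.x jars below 2.9.2."""
    findings = []
    for name in names:
        match = JAR_RE.match(name)
        if not match:
            continue  # not a Jackson jar
        version = parse_version(match.group(2))
        if version[0] < 2:
            continue  # Jackson 1.x (org.codehaus) is not com.fasterxml.jackson
        if version < FLOOR:
            findings.append((name, "below 2.9.2"))
        elif version == FLOOR and match.group(3):
            # e.g. 2.9.2-SNAPSHOT: a build made before the 2.9.2 release
            findings.append((name, "pre-release of 2.9.2"))
    return sorted(findings)


# Constructed sample listing of a WEB-INF/lib directory.
SAMPLE_LIB = [
    "struts2-rest-plugin-2.5.14.jar",
    "jackson-databind-2.8.2.jar",
    "jackson-core-2.9.10.jar",
    "jackson-annotations-2.9.0.pr3.jar",
    "jackson-dataformat-xml-2.9.2.jar",
    "jackson-core-asl-1.9.13.jar",
]

if __name__ == "__main__":
    for jar, reason in audit_jars(SAMPLE_LIB):
        print(f"{jar}: {reason}")
```

Mixed results (some Jackson modules upgraded, others not) usually mean a transitive dependency is still pinning the old version.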