Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:12634
HistoryJan 15, 2019 - 9:19 a.m.

Remote Code Execution (RCE) Through Deserialization

2019-01-1509:19:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

0.571 Medium

EPSS

Percentile

97.7%

Jackson-databind is vulnerable to remote code execution (RCE) attacks. This is a follow-up similar attack of CVE-2017-7525. The attack is still possible because more dangerous classes were added in the later released versions and were not blacklisted.

References