Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:8105
HistoryJan 03, 2019 - 2:29 a.m.

Remote Code Execution (RCE)

2019-01-0302:29:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16

EPSS

0.571

Percentile

97.7%

jackson-databind is vulnerable to remote code execution. The application does not block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization, which would allow a remote attacker to leverage this vulnerability to execute arbitrary code. This vulnerability is due to an incomplete fix for the CVE-2017-7525.

References