CVE-2017-7525:
jackson-databind is vulnerable to a deserialization flaw

CVSS Score (v3.1)
9.8

Basic Information

EPSS Score
0.98916%
Published
10/16/2018
Updated
3/1/2024
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| com.fasterxml.jackson.core:jackson-databind | maven | >= 2.8.0, < 2.8.9 | 2.8.9 |
| com.fasterxml.jackson.core:jackson-databind | maven | <= 2.6.7.0 | 2.6.7.1 |
| com.fasterxml.jackson.core:jackson-databind | maven | >= 2.7.0, <= 2.7.9.0 | 2.7.9.1 |

Vulnerability Intelligence

Root Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj

Reasoning

No analysis available