Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FasterXML jackson-databind 代码问题漏洞
Vulnerability Description
FasterXML jackson-databind是一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象。 FasterXML Jackson-databind 2.8.11.1之前版本和2.9.5之前的2.9.x版本中存在代码问题漏洞。远程攻击者可通过向ObjectMapper的readValue方法发送恶意制作的JSON输入利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A