Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-17485 PoC — FasterXML jackson-databind 代码问题漏洞

Source
https://github.com/tafamace/CVE-2017-17485
Associated Vulnerability
Title:FasterXML jackson-databind 代码问题漏洞 (CVE-2017-17485)
Description:FasterXML jackson-databind是FasterXML公司的一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象。 FasterXML Jackson-databind 2.8.10及之前版本和2.9.x版本至2.9.3版本中存在代码问题漏洞。远程攻击者可通过向ObjectMapper的readValue方法发送恶意制作的JSON输入并绕过黑名单利用
File Snapshot

 [4.0K]  /data/pocs/45eea81e6a3a566492cc84271bacd03ede88dc52
├── [ 317]  Main.java
└── [1.7K]  pom.xml

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.