CVE-2018-5968
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
- Published date: 2018-01-22T04:29Z
- Last modification date: 2021-01-21T16:22Z
- Assigner: cve@mitre.org
- Problem type: CWE-184
Impact
- CVSS v3 vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name | URL | Source | Tags |
---|---|---|---|
https://github.com/FasterXML/jackson-databind/issues/1899 | https://github.com/FasterXML/jackson-databind/issues/1899 | MISC | Third Party Advisory |
DSA-4114 | https://www.debian.org/security/2018/dsa-4114 | DEBIAN | Third Party Advisory |
RHSA-2018:0481 | https://access.redhat.com/errata/RHSA-2018:0481 | REDHAT | Third Party Advisory |
RHSA-2018:0480 | https://access.redhat.com/errata/RHSA-2018:0480 | REDHAT | Third Party Advisory |
RHSA-2018:0479 | https://access.redhat.com/errata/RHSA-2018:0479 | REDHAT | Third Party Advisory |
RHSA-2018:0478 | https://access.redhat.com/errata/RHSA-2018:0478 | REDHAT | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20180423-0002/ | https://security.netapp.com/advisory/ntap-20180423-0002/ | CONFIRM | Third Party Advisory |
RHSA-2018:1525 | https://access.redhat.com/errata/RHSA-2018:1525 | REDHAT | Third Party Advisory |
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us | CONFIRM | Third Party Advisory |
RHSA-2019:2858 | https://access.redhat.com/errata/RHSA-2019:2858 | REDHAT | Third Party Advisory |
RHSA-2019:3149 | https://access.redhat.com/errata/RHSA-2019:3149 | REDHAT | Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | MISC | Third Party Advisory |