Summary
Excerpt |
---|
Vulnerability A RCE vulnerability in the Jackson JSON library |
Who should read this | All Struts 2 developers and users which are using the REST plugin |
---|---|
Impact of vulnerability | Not clearIt is possible perform a RCE attack using a crafted JSON payload, please read the linked issue for more details . https://github.com/FasterXML/jackson-databind/issues/1599 |
Maximum security rating | MediumHigh |
Recommendation | Upgrade to Struts 2.5.14.1 |
Affected Software | Struts 2.5 - Struts 2.5.14 |
Reporter | David Dillard < david dot dillard at veritas dot com> - Veritas Technologies Product Security Group |
CVE Identifier | Related to CVE-2017-7525 |
Problem
A RCE vulnerability was detected in the latest Jackson JSON library, which was reported here. Upgrade com.fasterxml.jackson
to version 2.9.2 to address CVE-2017-7525.
...