Critical severity 9.8 · NVD Advisory · Published Feb 6, 2018 · Updated Jun 17, 2026
CVE-2017-7525
Description
A deserialization flaw was discovered in jackson-databind versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.fasterxml.jackson.core:jackson-databind (Maven) | < 2.6.7.1 | 2.6.7.1 |
| com.fasterxml.jackson.core:jackson-databind (Maven) | >= 2.7.0, < 2.7.9.1 | 2.7.9.1 |
| com.fasterxml.jackson.core:jackson-databind (Maven) | >= 2.8.0, < 2.8.9 | 2.8.9 |
Affected products
- Range: before 2.6.7.1
References
- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html · nvd · Patch · Third Party Advisory · WEB
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html · nvd · Patch · Third Party Advisory · WEB
- www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html · nvd · Patch · Third Party Advisory · WEB
- github.com/FasterXML/jackson-databind/issues/1599 · nvd · Issue Tracking · Patch · Third Party Advisory · WEB
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html · nvd · Patch · Third Party Advisory · WEB
- www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html · nvd · Patch · Third Party Advisory · WEB
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html · nvd · Patch · Third Party Advisory · WEB
- www.securityfocus.com/bid/99623 · nvd · Third Party Advisory · VDB Entry
- www.securitytracker.com/id/1039744 · nvd · Third Party Advisory · VDB Entry
- www.securitytracker.com/id/1039947 · nvd · Third Party Advisory · VDB Entry
- www.securitytracker.com/id/1040360 · nvd · Third Party Advisory · VDB Entry
- access.redhat.com/errata/RHSA-2017:1834 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:1835 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:1836 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:1837 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:1839 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:1840 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2477 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2546 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2547 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2633 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2635 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2636 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2637 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:2638 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:3141 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:3454 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:3455 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:3456 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2017:3458 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2018:0294 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2018:0342 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2018:1449 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2018:1450 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2019:0910 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2019:2858 · nvd · Third Party Advisory · WEB
- access.redhat.com/errata/RHSA-2019:3149 · nvd · Third Party Advisory · WEB
- bugzilla.redhat.com/show_bug.cgi · nvd · Issue Tracking · Third Party Advisory · WEB
- cwiki.apache.org/confluence/display/WW/S2-055 · nvd · Third Party Advisory · WEB
- github.com/FasterXML/jackson-databind/issues/1723 · nvd · Issue Tracking · Third Party Advisory · WEB
- github.com/advisories/GHSA-qxxx-2pp7-5hmx · ghsa · ADVISORY
- lists.debian.org/debian-lts-announce/2020/01/msg00037.html · nvd · Mailing List · Third Party Advisory · WEB
- lists.debian.org/debian-lts-announce/2020/08/msg00039.html · nvd · Mailing List · Third Party Advisory · WEB
- nvd.nist.gov/vuln/detail/CVE-2017-7525 · ghsa · ADVISORY
- security.netapp.com/advisory/ntap-20171214-0002/ · nvd · Third Party Advisory
- support.hpe.com/hpsc/doc/public/display · nvd · Third Party Advisory · WEB
- www.debian.org/security/2017/dsa-4004 · nvd · Third Party Advisory · WEB
- www.oracle.com/security-alerts/cpuoct2020.html · nvd · Third Party Advisory · WEB
- github.com/FasterXML/jackson-databind/commit/3bfbb835e530055c1941ddf87fde0b08d08dcd38 · ghsa · WEB
- github.com/FasterXML/jackson-databind/commit/60d459cedcf079c6106ae7da2ac562bc32dcabe1 · ghsa · WEB
- github.com/FasterXML/jackson-databind/commit/680d75b011edd67a2d2a2e9980998a968194c2ef · ghsa · WEB
- github.com/FasterXML/jackson-databind/commit/6ce32ffd18facac6abdbbf559c817b47fcb622c1 · ghsa · WEB
- github.com/FasterXML/jackson-databind/commit/90042692085deeb05ae75c569c9909f7dba24415 · ghsa · WEB
- github.com/FasterXML/jackson-databind/commit/fa87c1ddbe803ebb7295f5c2ebfe38e12f6e6162 · ghsa · WEB
- github.com/FasterXML/jackson-databind/commit/fd8dec2c7fab8b4b4bd60502a0f1d63ec23c24da · ghsa · WEB
- lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f@%3Cdev.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b@%3Ccommits.cassandra.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399@%3Csolr-user.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346@%3Cdev.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913@%3Cdev.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6@%3Cdev.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87@%3Csolr-user.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486@%3Cdev.lucene.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7@%3Ccommits.cassandra.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589@%3Cissues.spark.apache.org%3E · ghsa · WEB
- lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c@%3Ccommits.cassandra.apache.org%3E · ghsa · WEB
- security.netapp.com/advisory/ntap-20171214-0002 · ghsa · WEB
- lists.apache.org/thread.html/3c87dc8bca99a2b3b4743713b33d1de05b1d6b761fdf316224e9c81f%40%3Cdev.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/4641ed8616ccc2c1fbddac2c3dc9900c96387bc226eaf0232d61909b%40%3Ccommits.cassandra.apache.org%3E · nvd
- lists.apache.org/thread.html/5008bcbd45ee65ce39e4220b6ac53d28a24d6bc67d5804e9773a7399%40%3Csolr-user.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E · nvd
- lists.apache.org/thread.html/b1f33fe5ade396bb903fdcabe9f243f7692c7dfce5418d3743c2d346%40%3Cdev.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/c10a2bf0fdc3d25faf17bd191d6ec46b29a353fa9c97bebd7c4e5913%40%3Cdev.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/c2ed4c0126b43e324cf740012a0edd371fd36096fd777be7bfe7a2a6%40%3Cdev.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/c9d5ff20929e8a3c8794facf4c4b326a9c10618812eec356caa20b87%40%3Csolr-user.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/f60afd3c7e9ebaaf70fad4a4beb75cf8740ac959017a31e7006c7486%40%3Cdev.lucene.apache.org%3E · nvd
- lists.apache.org/thread.html/r42ac3e39e6265db12d9fc6ae1cd4b5fea7aed9830dc6f6d58228fed7%40%3Ccommits.cassandra.apache.org%3E · nvd
- lists.apache.org/thread.html/r68acf97f4526ba59a33cc6e592261ea4f85d890f99e79c82d57dd589%40%3Cissues.spark.apache.org%3E · nvd
- lists.apache.org/thread.html/rf7f87810c38dc9abf9f93989f76008f504cbf7c1a355214640b2d04c%40%3Ccommits.cassandra.apache.org%3E · nvd