CVE-2017-7525

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-7525
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7525.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7525
Aliases
Downstream
Related
Published
2018-02-06T15:29:00.297Z
Modified
2026-03-15T22:17:58.908191Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

References

Affected packages

Git / github.com/FasterXML/jackson-databind

Affected ranges

Type
GIT
Repo
https://github.com/FasterXML/jackson-databind
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f7abd682a7b2f8145ecff1c4e205073949f1e623
Introduced
50791cc7856376949287e0be3e96147665ab8f68
Fixed
8419c81fad9c7b884b6a02de7b5f1ce5700cbf32
Introduced
81929fad84189ce59ef82e7a6d0df795eb0c7cdb
Fixed
c45ed8c4cbf6c29317bf4cf562558884fa698eec
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d90fe4c654d1c1d54e24b15deae3ad0443b0f8f6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
418ee6e0a91401365982794cc9b18a55b26655e5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9efc4abb22c664c492271bc9907bbfbf4f70889c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
21f90cf247018c1286cc20544029782450dc270a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
060726b011b008496cd8bb0997ee94a6b73530d1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3739d9dfbf24b6822b90274ba346ad209eb289fd
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.6.7.1"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.9.1"
        },
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.0-prerelease1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.0-prerelease2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.2"
        }
    ]
}

Affected versions

jackson-databind-2.*
jackson-databind-2.6.5
jackson-databind-2.6.6
jackson-databind-2.6.7
jackson-databind-2.7.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7525.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "3.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "12.0"
            },
            {
                "last_affected": "12.5.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "8.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0.1.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.2.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.2.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.3.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.2.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.3.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.4.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.5.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.6.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.7.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "12.2.0.1.14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.1"
            },
            {
                "last_affected": "17.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.7.0.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    }
]