Summary

Excerpt

Vulnerability

An RCE vulnerability in the Jackson JSON library

Who should read this

All Struts 2 developers and users who are using the REST plugin

Impact of vulnerability

It is possible to perform an RCE attack using a crafted JSON payload; please read the linked issue for more details: https://github.com/FasterXML/jackson-databind/issues/1599

Maximum security rating

High

Recommendation

Upgrade to Struts 2.5.14.1

Affected Software

Struts 2.5 - Struts 2.5.14

Reporter

David Dillard <david dot dillard at veritas dot com> - Veritas Technologies Product Security Group

CVE Identifier

Related to CVE-2017-7525

Problem

An RCE vulnerability was detected in the latest Jackson JSON library, which was reported in the issue linked above. Upgrade com.fasterxml.jackson to version 2.9.2 to address CVE-2017-7525.
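The recommendation above names two version thresholds: Struts 2.5.14.1 for the REST plugin and jackson-databind 2.9.2. The following script is an added example, not part of the advisory or of the Struts project, that reads a Maven pom.xml and reports any declared struts2-rest-plugin or jackson-databind dependency that is still below those thresholds. The Maven coordinates (org.apache.struts:struts2-rest-plugin, com.fasterxml.jackson.core:jackson-databind) and the sample pom.xml are assumptions constructed for the example.

```python
"""Flag Maven dependencies that are older than the fixed versions named in the advisory."""
import xml.etree.ElementTree as ET

# Minimum fixed versions taken from the advisory text. The Maven coordinates
# are assumed for this example; they are not stated on the advisory itself.
MIN_FIXED = {
    ("org.apache.struts", "struts2-rest-plugin"): "2.5.14.1",
    ("com.fasterxml.jackson.core", "jackson-databind"): "2.9.2",
}

# Constructed sample pom.xml: a project still on affected versions of both artifacts.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0</version>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-rest-plugin</artifactId>
      <version>2.5.13</version>
    </dependency>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>2.9.1</version>
    </dependency>
  </dependencies>
</project>
"""


def version_key(version):
    """Turn '2.5.14.1' into (2, 5, 14, 1) so versions compare numerically.

    Only the leading digits of each dot-separated piece are used, so a
    qualifier such as '2.9.2-SNAPSHOT' is compared as 2.9.2.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_older(found, minimum):
    """True if 'found' is strictly below 'minimum' (2.5.14 is below 2.5.14.1)."""
    a, b = version_key(found), version_key(minimum)
    width = max(len(a), len(b))
    # Pad with zeros so 2.9.2 and 2.9.2.0 compare as equal.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_outdated(pom_xml):
    """Return (artifactId, declared version, minimum fixed version) for each
    dependency in MIN_FIXED whose declared version is below the threshold."""
    root = ET.fromstring(pom_xml)
    findings = []
    for dep in root.iter():
        # Tags may carry the POM namespace, e.g. '{http://...}dependency'.
        if not dep.tag.endswith("dependency"):
            continue
        fields = {child.tag.split("}")[-1]: (child.text or "").strip() for child in dep}
        key = (fields.get("groupId"), fields.get("artifactId"))
        minimum = MIN_FIXED.get(key)
        if minimum is None or "version" not in fields:
            continue  # not an artifact named by the advisory, or version set elsewhere
        if is_older(fields["version"], minimum):
            findings.append((key[1], fields["version"], minimum))
    return findings


if __name__ == "__main__":
    for artifact, found, minimum in find_outdated(SAMPLE_POM):
        print(f"{artifact} {found} is below the fixed version {minimum}")
```

The check only sees versions declared literally in the pom; a version supplied through a property such as `${jackson.version}`, a parent pom, or a transitive dependency pulled in by the REST plugin is not resolved here, so confirm the effective version with `mvn dependency:tree` before concluding that a project is on 2.9.2 or later.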

...