An RCE vulnerability in the Jackson JSON library
Who should read this
All Struts 2 developers and users who are using the REST plugin
Impact of vulnerability
It is possible to perform an RCE attack using a crafted JSON payload. Please read the linked issue for more details: https://github.com/FasterXML/jackson-databind/issues/1599
Maximum security rating
Upgrade to Struts 22.214.171.124
Struts 2.5 - Struts 2.5.14
David Dillard <david dot dillard at veritas dot com> - Veritas Technologies Product Security Group
Related to CVE-2017-7525
An RCE vulnerability was detected in the latest Jackson JSON library, which was reported here. Upgrade com.fasterxml.jackson to version 2.9.2 to address CVE-2017-7525.
Upgrade Jackson JSON library to the latest version.
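To check a deployed application against the versions named above, the following added example (not part of the advisory or of Struts) audits a list of jar file names such as the contents of WEB-INF/lib. It assumes Maven-style jar naming and the artifact names `struts2-rest-plugin` and `jackson-databind`; the sample list is constructed.

```python
import re

# Thresholds taken from the advisory text above.
JACKSON_FIXED = (2, 9, 2)               # "Upgrade ... to version 2.9.2"
STRUTS_AFFECTED = ((2, 5), (2, 5, 14))  # "Struts 2.5 - Struts 2.5.14"

# Assumption: jars keep Maven's <artifactId>-<version>[qualifier].jar naming.
JAR_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.-]+?)-(?P<ver>\d+(?:\.\d+)*)"
                    r"(?P<qual>[.-][A-Za-z][\w.-]*)?\.jar$")

def parse_jar(filename):
    """Return (artifact, numeric version tuple, qualifier or None), or None."""
    m = JAR_RE.match(filename)
    if m is None:
        return None
    version = tuple(int(part) for part in m.group("ver").split("."))
    return m.group("name"), version, m.group("qual")

def pad(version, width=4):
    # Right-pad with zeros so that 2.5 compares equal to 2.5.0.0.
    return tuple(version) + (0,) * (width - len(version))

def audit(jar_names):
    """Flag jars that fall inside the version ranges this advisory names."""
    findings = []
    for filename in jar_names:
        parsed = parse_jar(filename)
        if parsed is None:
            continue
        name, version, qualifier = parsed
        v = pad(version)
        if name == "jackson-databind":
            # A qualified build of 2.9.2 (e.g. -SNAPSHOT) is treated as
            # older than the release, to stay on the safe side.
            fixed = pad(JACKSON_FIXED)
            if v < fixed or (v == fixed and qualifier):
                findings.append((filename, "jackson-databind older than 2.9.2"))
        elif name == "struts2-rest-plugin":
            low, high = (pad(bound) for bound in STRUTS_AFFECTED)
            if low <= v <= high:
                findings.append((filename, "REST plugin in range 2.5 - 2.5.14"))
    return findings

# Constructed sample: the contents of a hypothetical WEB-INF/lib directory.
SAMPLE_LIB = ["struts2-core-2.5.13.jar", "struts2-rest-plugin-2.5.13.jar",
              "jackson-core-2.8.10.jar", "jackson-databind-2.8.10.jar",
              "commons-lang3-3.6.jar"]

if __name__ == "__main__":
    for filename, reason in audit(SAMPLE_LIB):
        print(f"{filename}: {reason}")
```

A jar that has been renamed or shaded into another archive will not match by file name, so treat an empty result as a first pass rather than proof of a clean dependency tree.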