...
Who should read this | All Struts 2 developers and users which are using the REST plugin |
|---|---|
Impact of vulnerability | Not clear, please read the linked issue for more details. https://github.com/FasterXML/jackson-databind/issues/1599 |
Maximum security rating | Medium |
Recommendation | Upgrade to Struts 2.5.14.1 or Struts 2.4 (TBD) |
Affected Software | Struts 2.1.1 - 2.3.34, Struts 2.5 - Struts 2.5.14 |
Reporter |
|
CVE Identifier | Related to CVE-2017-7525 |
Problem
A vulnerability was detected in the latest Jackson JSON library, which was reported here. Upgrade com.fasterxml.jackson to version 2.9.2 to address CVE-2017-7525.
...
Upgrade to Apache Struts version 2.5.14.1 or 2.4. Another solution is to manually upgrade Jackson dependencies in your project to not vulnerable versions, see this comment.
...