[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

Monday, 15 July 2019

https://bugzilla.redhat.com/show_bug.cgi?id=1528565

Chess Hazlett <chazlett(a)redhat.com&gt; changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=important,public=201 |impact=important,public=201
                   |71212,reported=20171206,sou |71212,reported=20171206,sou
                   |rce=researcher,cvss3=8.1/CV |rce=researcher,cvss3=8.1/CV
                   |SS:3.0/AV:N/AC:H/PR:N/UI:N/ |SS:3.0/AV:N/AC:H/PR:N/UI:N/
                   |S:U/C:H/I:H/A:H,eap-6/reste |S:U/C:H/I:H/A:H,cwe=CWE-502
                   |asy=affected,fedora-all/jac |,eap-6/resteasy=affected,fe
                   |kson-databind=affected,jdg- |dora-all/jackson-databind=a
                   |7/jackson-databind=notaffec |ffected,jdg-7/jackson-datab
                   |ted,jon-3/resteasy=affected |ind=notaffected,jon-3/reste
                   |,openshift-enterprise-2/jac |asy=affected,openshift-ente
                   |kson-databind=affected,dts- |rprise-2/jackson-databind=a
                   |4/devtoolset-4-jackson-data |ffected,dts-4/devtoolset-4-
                   |bind=wontfix,rhev-m-3/jaspe |jackson-databind=wontfix,rh
                   |rreports-server-pro=wontfix |ev-m-3/jasperreports-server
                   |,rhev-m-4/eap7-jackson-data |-pro=wontfix,rhev-m-4/eap7-
                   |bind=affected,amq-6/jackson |jackson-databind=affected,a
                   |-databind=notaffected,bpms- |mq-6/jackson-databind=notaf
                   |6/jackson-databind=affected |fected,bpms-6/jackson-datab
                   |,jdv-6/jackson-databind=not |ind=affected,jdv-6/jackson-
                   |affected,fuse-6/jackson-dat |databind=notaffected,fuse-6
                   |abind=notaffected,rhmap-4/j |/jackson-databind=notaffect
                   |ackson-databind=notaffected |ed,rhmap-4/jackson-databind
                   |,rhn_satellite_6/jackson-da |=notaffected,rhn_satellite_
                   |tabind=new,rhscl-3/rh-eclip |6/jackson-databind=new,rhsc
                   |se46-jackson-databind=affec |l-3/rh-eclipse46-jackson-da
                   |ted,rhscl-3/rh-maven35-jack |tabind=affected,rhscl-3/rh-
                   |son-databind=affected,sam-1 |maven35-jackson-databind=af
                   |/jackson-databind=wontfix,e |fected,sam-1/jackson-databi
                   |ap-7/resteasy=affected,brms |nd=wontfix,eap-7/resteasy=a
                   |-6/jackson-databind=affecte |ffected,brms-6/jackson-data
                   |d,swarm-7/jackson-databind= |bind=affected,swarm-7/jacks
                   |affected,vertx-3/jackson-da |on-databind=affected,vertx-
                   |tabind=notaffected          |3/jackson-databind=notaffec
                   |                            |ted

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010