Miembros de
Boletines de Vulnerabilidades |
DSA-4004 jackson-databind - security update |
|
Información sobre el sistema |
|
| Software afectado | Debian |
Descripción |
|
|
Liao Xinxi discovered that jackson-databind, a Java library used toparse JSON and other data formats, did not properly validate userinput before attemtping deserialization. This allowed an attacker toperform code execution by providing maliciously crafted input. More info: https://www.debian.org/security/2017/dsa-4004 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2017-7525 and DSA-4004. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2017-10-21 |