[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-17485":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":24,"aliases":25,"duplicate_of":9,"upstream":27,"downstream":28,"duplicates":55,"related":56,"reserved_at":9,"published_at":58,"modified_at":59,"state":60,"summary":61,"references_raw":69,"kevs":232,"epss":233,"epss_history":236,"metrics":445,"affected":458},"CVE-2017-17485","FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-502","Deserialization of Untrusted Data","The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.","weakness","Draft","Base","Medium",[20],{"id":21,"name":22,"techniques":23},"CAPEC-586","Object Injection",[],[],[26],"GHSA-rfx6-vp9g-rh7v",[],[29,31,33,35,37,39,41,43,45,47,49,51,53],{"_key":30},"UBUNTU-CVE-2017-17485",{"_key":32},"DSA-4114-1",{"_key":34},"RHSA-2018:0116",{"_key":36},"MGASA-2018-0138",{"_key":38},"DEBIAN-CVE-2017-17485",{"_key":40},"RHSA-2018:0342",{"_key":42},"RHSA-2018:0479",{"_key":44},"RHSA-2018:0480",{"_key":46},"RHSA-2018:0481",{"_key":48},"RHSA-2018:1448",{"_key":50},"RHSA-2018:1449",{"_key":52},"RHSA-2018:1450",{"_key":54},"RHSA-2018:1451",[],[57],{"_key":36},"2018-01-10T18:00:00.000Z","2025-08-27T20:31:49.308Z","Modified",{"cisa_kev":62,"cisa_ransomware":62,"cisa_vendor":9,"epss_severity":63,"epss_score":64,"severity":63,"severity_score":65,"severity_version":66,"severity_source":67,"severity_vector":68,"severity_status":60},false,"critical",0.84949,9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[70,80,84,88,92,96,100,104,108,115,119,123,128,132,136,140,144,148,152,156,161,166,170,174,178,183,187,191,195,199,203,207,211,215,220,224,228],{"url":71,"sources":72,"tags":75},"https://access.redhat.com/errata/RHSA-2018:1448",[67,73,74],"nvd","osv_maven",[76,77,78,79],"Vendor Advisory","X Refsource REDHAT","Third Party Advisory","WEB",{"url":81,"sources":82,"tags":83},"https://access.redhat.com/errata/RHSA-2018:0479",[67,73,74],[76,77,78,79],{"url":85,"sources":86,"tags":87},"https://access.redhat.com/errata/RHSA-2018:0481",[67,73,74],[76,77,78,79],{"url":89,"sources":90,"tags":91},"https://access.redhat.com/errata/RHSA-2018:1449",[67,73,74],[76,77,78,79],{"url":93,"sources":94,"tags":95},"https://access.redhat.com/errata/RHSA-2018:1450",[67,73,74],[76,77,78,79],{"url":97,"sources":98,"tags":99},"https://access.redhat.com/errata/RHSA-2018:1451",[67,73,74],[76,77,78,79],{"url":101,"sources":102,"tags":103},"https://access.redhat.com/errata/RHSA-2018:0116",[67,73,74],[76,77,78,79],{"url":105,"sources":106,"tags":107},"https://access.redhat.com/errata/RHSA-2018:0342",[67,73,74],[76,77,78,79],{"url":109,"sources":110,"tags":111},"http://www.securityfocus.com/archive/1/541652/100/0/threaded",[67,73],[112,113,78,114],"Mailing List","X Refsource BUGTRAQ","VDB Entry",{"url":116,"sources":117,"tags":118},"https://access.redhat.com/errata/RHSA-2018:0480",[67,73,74],[76,77,78,79],{"url":120,"sources":121,"tags":122},"https://access.redhat.com/errata/RHSA-2018:1447",[67,73,74],[76,77,78,79],{"url":124,"sources":125,"tags":126},"https://www.debian.org/security/2018/dsa-4114",[67,73,74],[76,127,78,79],"X Refsource DEBIAN",{"url":129,"sources":130,"tags":131},"https://access.redhat.com/errata/RHSA-2018:0478",[67,73,74],[76,77,78,79],{"url":133,"sources":134,"tags":135},"https://access.redhat.com/errata/RHSA-2018:2930",[67,73,74],[76,77,78,79],{"url":137,"sources":138,"tags":139},"https://access.redhat.com/errata/RHSA-2019:1782",[67,73,74],[76,77,78,79],{"url":141,"sources":142,"tags":143},"https://access.redhat.com/errata/RHSA-2019:1797",[67,73,74],[76,77,78,79],{"url":145,"sources":146,"tags":147},"https://access.redhat.com/errata/RHSA-2019:2858",[67,73,74],[76,77,78,79],{"url":149,"sources":150,"tags":151},"https://access.redhat.com/errata/RHSA-2019:3149",[67,73,74],[76,77,78,79],{"url":153,"sources":154,"tags":155},"https://access.redhat.com/errata/RHSA-2019:3892",[67,73,74],[76,77,78,79],{"url":157,"sources":158,"tags":159},"https://www.oracle.com/security-alerts/cpuoct2020.html",[67,73,74],[160,78,79],"X Refsource MISC",{"url":162,"sources":163,"tags":164},"https://security.netapp.com/advisory/ntap-20180201-0003/",[67,73],[165,78],"X Refsource CONFIRM",{"url":167,"sources":168,"tags":169},"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us",[67,73,74],[165,78,79],{"url":171,"sources":172,"tags":173},"https://github.com/FasterXML/jackson-databind/issues/1855",[67,73,74],[165,78,79],{"url":175,"sources":176,"tags":177},"https://github.com/irsl/jackson-rce-via-spel/",[67,73],[160,78],{"url":179,"sources":180,"tags":181},"https://nvd.nist.gov/vuln/detail/CVE-2017-17485",[74],[182],"Advisory",{"url":184,"sources":185,"tags":186},"https://github.com/FasterXML/jackson-databind/commit/10fe7f17ea7c8da2a71e7a0c774b420a1d5c1b50",[74],[79],{"url":188,"sources":189,"tags":190},"https://github.com/FasterXML/jackson-databind/commit/2235894210c75f624a3d0cd60bfb0434a20a18bf",[74],[79],{"url":192,"sources":193,"tags":194},"https://github.com/FasterXML/jackson-databind/commit/459107dccc9b3ea991af3e6ad0953e54b01ef7c1",[74],[79],{"url":196,"sources":197,"tags":198},"https://github.com/FasterXML/jackson-databind/commit/4f16f67ebd22c7522fdbb8a7eb87e3026a807d61",[74],[79],{"url":200,"sources":201,"tags":202},"https://github.com/FasterXML/jackson-databind/commit/978798382ceb72229e5036aa1442943933d6d171",[74],[79],{"url":204,"sources":205,"tags":206},"https://github.com/FasterXML/jackson-databind/commit/f031f27a31625d07922bdd090664c69544200a5d",[74],[79],{"url":208,"sources":209,"tags":210},"https://github.com/FasterXML/jackson-databind/commit/eb217dd0f87c5fb471e0668575644aa7eba9a3d3",[74],[79],{"url":212,"sources":213,"tags":214},"https://github.com/FasterXML/jackson-databind/commit/bb45fb16709018842f858f1a6e1118676aaa34bd",[74],[79],{"url":216,"sources":217,"tags":218},"https://github.com/FasterXML/jackson-databind",[74],[219],"PACKAGE",{"url":221,"sources":222,"tags":223},"https://github.com/irsl/jackson-rce-via-spel",[74],[79],{"url":225,"sources":226,"tags":227},"https://security.netapp.com/advisory/ntap-20180201-0003",[74],[79],{"url":229,"sources":230,"tags":231},"https://web.archive.org/web/20200927162225/http://www.securityfocus.com/archive/1/541652/100/0/threaded",[74],[79],[],{"date":234,"score":64,"percentile":235},"2026-06-04",0.99363,[237,241,244,246,249,252,254,256,258,260,262,264,267,269,271,274,276,278,281,283,286,289,291,293,296,298,300,302,306,309,312,314,316,318,320,322,324,326,328,330,333,335,337,340,342,344,346,348,350,353,355,358,361,363,366,369,372,374,376,379,381,384,387,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442],{"date":238,"score":239,"percentile":240},"2025-11-04",0.79787,0.99048,{"date":242,"score":239,"percentile":243},"2025-11-05",0.99047,{"date":245,"score":239,"percentile":243},"2025-11-06",{"date":247,"score":239,"percentile":248},"2025-11-07",0.99045,{"date":250,"score":239,"percentile":251},"2025-11-08",0.99046,{"date":253,"score":239,"percentile":251},"2025-11-09",{"date":255,"score":239,"percentile":251},"2025-11-10",{"date":257,"score":239,"percentile":251},"2025-11-11",{"date":259,"score":239,"percentile":243},"2025-11-12",{"date":261,"score":239,"percentile":243},"2025-11-13",{"date":263,"score":239,"percentile":248},"2025-11-14",{"date":265,"score":239,"percentile":266},"2025-11-15",0.99043,{"date":268,"score":239,"percentile":266},"2025-11-16",{"date":270,"score":239,"percentile":266},"2025-11-17",{"date":272,"score":239,"percentile":273},"2025-11-18",0.99167,{"date":275,"score":239,"percentile":273},"2025-11-19",{"date":277,"score":239,"percentile":273},"2025-11-20",{"date":279,"score":239,"percentile":280},"2025-11-21",0.9904,{"date":282,"score":239,"percentile":280},"2025-11-22",{"date":284,"score":239,"percentile":285},"2025-11-23",0.99039,{"date":287,"score":239,"percentile":288},"2025-11-24",0.99041,{"date":290,"score":239,"percentile":288},"2025-11-25",{"date":292,"score":239,"percentile":288},"2025-11-26",{"date":294,"score":239,"percentile":295},"2025-11-27",0.99042,{"date":297,"score":239,"percentile":295},"2025-11-28",{"date":299,"score":239,"percentile":266},"2025-11-29",{"date":301,"score":239,"percentile":288},"2025-11-30",{"date":303,"score":304,"percentile":305},"2025-12-01",0.76866,0.98906,{"date":307,"score":304,"percentile":308},"2025-12-02",0.98908,{"date":310,"score":304,"percentile":311},"2025-12-03",0.98909,{"date":313,"score":239,"percentile":280},"2025-12-04",{"date":315,"score":239,"percentile":295},"2025-12-05",{"date":317,"score":239,"percentile":295},"2025-12-06",{"date":319,"score":239,"percentile":266},"2025-12-07",{"date":321,"score":239,"percentile":266},"2025-12-08",{"date":323,"score":239,"percentile":248},"2025-12-09",{"date":325,"score":239,"percentile":251},"2025-12-10",{"date":327,"score":239,"percentile":240},"2025-12-11",{"date":329,"score":239,"percentile":240},"2025-12-12",{"date":331,"score":239,"percentile":332},"2025-12-13",0.99049,{"date":334,"score":239,"percentile":240},"2025-12-14",{"date":336,"score":239,"percentile":332},"2025-12-15",{"date":338,"score":239,"percentile":339},"2025-12-16",0.9905,{"date":341,"score":239,"percentile":339},"2025-12-17",{"date":343,"score":239,"percentile":332},"2025-12-18",{"date":345,"score":239,"percentile":332},"2025-12-19",{"date":347,"score":239,"percentile":339},"2025-12-20",{"date":349,"score":239,"percentile":332},"2025-12-21",{"date":351,"score":239,"percentile":352},"2025-12-22",0.99051,{"date":354,"score":239,"percentile":352},"2025-12-23",{"date":356,"score":239,"percentile":357},"2025-12-24",0.99052,{"date":359,"score":239,"percentile":360},"2025-12-25",0.99053,{"date":362,"score":239,"percentile":357},"2025-12-26",{"date":364,"score":239,"percentile":365},"2025-12-27",0.99058,{"date":367,"score":239,"percentile":368},"2025-12-28",0.99054,{"date":370,"score":239,"percentile":371},"2025-12-29",0.99055,{"date":373,"score":239,"percentile":368},"2025-12-30",{"date":375,"score":239,"percentile":371},"2025-12-31",{"date":377,"score":304,"percentile":378},"2026-01-01",0.98921,{"date":380,"score":304,"percentile":378},"2026-01-02",{"date":382,"score":304,"percentile":383},"2026-01-03",0.9892,{"date":385,"score":239,"percentile":386},"2026-01-04",0.99057,{"date":388,"score":239,"percentile":389},"2026-01-05",0.99056,{"date":391,"score":239,"percentile":389},"2026-01-06",{"date":393,"score":239,"percentile":371},"2026-01-07",{"date":395,"score":239,"percentile":371},"2026-01-08",{"date":397,"score":239,"percentile":389},"2026-01-09",{"date":399,"score":239,"percentile":389},"2026-01-10",{"date":401,"score":239,"percentile":360},"2026-01-11",{"date":403,"score":239,"percentile":360},"2026-01-12",{"date":405,"score":239,"percentile":357},"2026-01-13",{"date":407,"score":239,"percentile":368},"2026-01-14",{"date":409,"score":239,"percentile":360},"2026-01-15",{"date":411,"score":239,"percentile":368},"2026-01-16",{"date":413,"score":239,"percentile":371},"2026-01-17",{"date":415,"score":239,"percentile":368},"2026-01-18",{"date":417,"score":239,"percentile":368},"2026-01-19",{"date":419,"score":239,"percentile":371},"2026-01-20",{"date":421,"score":239,"percentile":371},"2026-01-21",{"date":423,"score":239,"percentile":371},"2026-01-22",{"date":425,"score":239,"percentile":389},"2026-01-23",{"date":427,"score":239,"percentile":386},"2026-01-24",{"date":429,"score":239,"percentile":389},"2026-01-25",{"date":431,"score":239,"percentile":389},"2026-01-26",{"date":433,"score":239,"percentile":386},"2026-01-27",{"date":435,"score":239,"percentile":386},"2026-01-28",{"date":437,"score":239,"percentile":365},"2026-01-29",{"date":439,"score":239,"percentile":386},"2026-01-30",{"date":441,"score":239,"percentile":389},"2026-01-31",{"date":443,"score":304,"percentile":444},"2026-02-01",0.98924,[446,450,456],{"source":67,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":447,"cvss_v4_0":9},{"baseScore":65,"baseSeverity":448,"vectorString":68,"impactScore":65,"exploitabilityScore":449},"CRITICAL",10,{"source":73,"cvss_v2_0":451,"cvss_v3_0":9,"cvss_v3_1":455,"cvss_v4_0":9},{"baseScore":452,"baseSeverity":9,"vectorString":453,"impactScore":454,"exploitabilityScore":449},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,{"baseScore":65,"baseSeverity":448,"vectorString":68,"impactScore":65,"exploitabilityScore":449},{"source":74,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":457,"cvss_v4_0":9},{"baseScore":65,"baseSeverity":9,"vectorString":68,"impactScore":65,"exploitabilityScore":449},[459,470,493,506,515,521,526,530,541],{"ecosystem":9,"name":460,"vendor":461,"product":462,"cpe_part":463,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":464},"debian linux","debian","debian_linux","o",[465,468],{"version":466,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"version":469,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":471,"vendor":472,"product":471,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"jackson-databind","fasterxml","a",[475,480,485,489],{"version":476,"is_range":477,"range_type":467,"version_start":9,"version_start_type":9,"version_end":478,"version_end_type":479,"fixed_in":9},"lt2.6.7.3",true,"2.6.7.3","excluding",{"version":481,"is_range":477,"range_type":467,"version_start":482,"version_start_type":483,"version_end":484,"version_end_type":479,"fixed_in":9},"gte2.7.0_lt2.7.9.2","2.7.0","including","2.7.9.2",{"version":486,"is_range":477,"range_type":467,"version_start":487,"version_start_type":483,"version_end":488,"version_end_type":479,"fixed_in":9},"gte2.8.0_lt2.8.11","2.8.0","2.8.11",{"version":490,"is_range":477,"range_type":467,"version_start":491,"version_start_type":483,"version_end":492,"version_end_type":479,"fixed_in":9},"gte2.9.0_lt2.9.4","2.9.0","2.9.4",{"ecosystem":494,"name":495,"vendor":496,"product":471,"cpe_part":9,"purl_type":497,"purl_namespace":496,"purl_name":471,"source":9,"versions":498},"Maven","com.fasterxml.jackson.core:jackson-databind","com.fasterxml.jackson.core","maven",[499,502,504],{"version":500,"is_range":477,"range_type":501,"version_start":491,"version_start_type":483,"version_end":492,"version_end_type":479,"fixed_in":9},"gte2_9_0_lt2_9_4","ecosystem",{"version":503,"is_range":477,"range_type":501,"version_start":487,"version_start_type":483,"version_end":488,"version_end_type":479,"fixed_in":9},"gte2_8_0_lt2_8_11",{"version":505,"is_range":477,"range_type":501,"version_start":9,"version_start_type":9,"version_end":484,"version_end_type":479,"fixed_in":9},"lt2_7_9_2",{"ecosystem":9,"name":507,"vendor":508,"product":509,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":510},"e-series santricity os controller","netapp","e-series_santricity_os_controller",[511],{"version":512,"is_range":477,"range_type":467,"version_start":513,"version_start_type":483,"version_end":514,"version_end_type":483,"fixed_in":9},"gte11.0.0_lte11.60.3","11.0.0","11.60.3",{"ecosystem":9,"name":516,"vendor":508,"product":517,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":518},"e-series santricity web services proxy","e-series_santricity_web_services_proxy",[519],{"version":520,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"na",{"ecosystem":9,"name":522,"vendor":508,"product":523,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":524},"oncommand shift","oncommand_shift",[525],{"version":520,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":527,"vendor":508,"product":527,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":528},"snapcenter",[529],{"version":520,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":531,"vendor":532,"product":533,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":534},"jboss enterprise application platform","redhat","jboss_enterprise_application_platform",[535,537,539],{"version":536,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.0.0",{"version":538,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.4.0",{"version":540,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.1",{"ecosystem":9,"name":542,"vendor":532,"product":543,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":544},"openshift container platform","openshift_container_platform",[545,547],{"version":546,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.1",{"version":548,"is_range":62,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.11"]