MGASA-2018-0138

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2017-17485 CVE-2018-5968

Published: 24 Feb 2018, 23:25

Last modified:16 Apr 2026, 06:26

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

24 Feb 2018, 23:25

Published

Vulnerability first disclosed

16 Apr 2026, 06:26

Last Modified

Vulnerability information updated

Description

Updated jackson-databind packages fix security vulnerability A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper (CVE-2017-17485). A flaw was found in FasterXML jackson-databind which allows unauthenticated remote code execution due deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist (CVE-2018-5968).

Affected Systems

mageia•jackson-databind
< 2.7.6-1.3.mga6

MGASA-2018-0138

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)