What is CVE-2017-17485?

CVE-2017-17485 is a vulnerability in N/a. Published 2018-01-10.

Is CVE-2017-17485 known to be exploited?

52 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2017-17485

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON…

EPSS: 0.849 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

RHSA-2018:1448 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:0479 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:0481 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:1449 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:1450 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:1451 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:0116 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:0342 (x_refsource_REDHAT, vendor-advisory)
20180109 CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used (mailing-list, x_refsource_BUGTRAQ)
RHSA-2018:0480 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2017-17485?: CVE-2017-17485 is a vulnerability in N/a. Published 2018-01-10.
Is CVE-2017-17485 known to be exploited?: 52 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.