Search for packages
| purl | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-v84e-sf92-dqa1
Aliases: CVE-2017-7525 GHSA-qxxx-2pp7-5hmx |
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. |
Affected by 40 other vulnerabilities. Affected by 40 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:56:44.047494+00:00 | GHSA Importer | Affected by | VCID-v84e-sf92-dqa1 | https://github.com/advisories/GHSA-qxxx-2pp7-5hmx | 38.0.0 |