Vulnerability identifier: #VU17779
Vulnerability risk: High
Exploitation vector: Network
Exploit availability: No
The disclosed vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition or execute arbitrary code.
The vulnerability exists because jackson-databind fails to block the openjpa class from polymorphic deserialization. A remote attacker can send a specially crafted request that submits malicious input to perform unauthorized actions on the system, which could allow the attacker to execute arbitrary code or cause a denial of service (DoS) condition.
Update jackson-databind to version 2.9.8.
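As an added example, not part of this advisory: the permissive default-typing configuration that exposes this bug class beside an allow-list configuration that does not depend on the gadget blocklist that failed here. It assumes jackson-databind 2.10 or later (where the PolymorphicTypeValidator API exists) and an assumed application package `com.example.app.`; the sample input is constructed.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingHardening {

    // Assumed: application-owned polymorphic types live under this package.
    static final String APP_PACKAGE = "com.example.app.";

    /** Weak setting: any class name carried in the JSON is resolved and instantiated,
     *  so safety rests entirely on the library's blocklist of known gadget classes
     *  (the blocklist is exactly what missed the openjpa class in 2.9.0 - 2.9.7). */
    static ObjectMapper permissiveMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(); // deprecated since 2.10: no allow-list
        return mapper;
    }

    /** Hardened setting: only subtypes under APP_PACKAGE may be named by input;
     *  every other type id is rejected before the class is instantiated. */
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType(APP_PACKAGE)
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample in Jackson's WRAPPER_ARRAY form: [typeId, value].
        // The type id is not under APP_PACKAGE, so the validator must deny it.
        String untrusted = "[\"java.util.HashMap\", {}]";
        try {
            hardenedMapper().readValue(untrusted, Object.class);
            System.out.println("unexpected: type id accepted");
        } catch (InvalidTypeIdException e) {
            System.out.println("rejected by allow-list: " + e.getMessage());
        }
    }
}
```

The same input is accepted by permissiveMapper(), which is the reason to search a code base for enableDefaultTyping() calls when triaging this advisory.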
Vulnerable software versions
jackson-databind: 2.9.0 - 2.9.7