[SOLR-13110] CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ... - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 7.6
Fix Version/s: 8.0, 9.0
Component/s: None
Labels:
None
Environment:

RedHat Linux. May run from RHEL versions 5, 6 or 7 but this issue is from Sonatype component scan and should be independent of Linux platform version.

Description

We can't move to Solr 7 without fixing this issue flagged by Sonatype scan Of Solr - 7.6.0 Build,
Using Scanner 1.56.0-01

Threat Level 9 org.codehaus.jackson : jackson-mapper-asl : 1.9.13.

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525

Attachments

Issue Links

is part of

SOLR-9515 Update to Hadoop 3

Closed

Activity

People

Assignee:: Kevin Risden

Reporter:: RobertHathaway

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 03/Jan/19 22:03

Updated:: 08/Jun/19 14:58

Resolved:: 25/Mar/19 14:29