Solr / SOLR-13110

CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.6
    • Fix Version/s: 8.0, master (9.0)
    • Component/s: None
    • Labels: None
    • Environment:

      RedHat Linux. May run from RHEL versions 5, 6 or 7 but this issue is from Sonatype component scan and should be independent of Linux platform version.

      Description

      We can't move to Solr 7 without fixing this issue flagged by Sonatype scan of Solr - 7.6.0 Build,
      using Scanner 1.56.0-01

      Threat Level 9: org.codehaus.jackson : jackson-mapper-asl : 1.9.13.

      A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525

              People

              • Assignee: Kevin Risden (krisden)
              • Reporter: RobertHathaway (rjh)