EHC ❯ Vulnerability CVE-2017-4995 & CWE: 502 BeanDeserializerFactory.class_terracotta

• Type: Bug
• Status: New
• Priority: 2 Major
• Resolution:
• Component/s:
• Labels:

• Assignee: drb
• Reporter: mg_arch
• Created: July 12, 2017
• Votes: 0
• Watchers: 2
• Updated:

  July 13, 2017
• Resolved:

Description

Comments

Michael Grom 2017-07-12

According to CWE 502 : “ The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.”

Michael Grom 2017-07-12

Affected versions: 2.10.2 -> 2.10.4

Sorry for the inconvenience caused when creating this issue.

Peter Lynch 2017-07-13

Details on this found at https://github.com/FasterXML/jackson-databind/issues/1599