Vulnerability & Exploit Database

Red Hat JBoss EAP: Deserialization of Untrusted Data (CVE-2019-10202)

SUSE: CVE-2018-7489: SUSE Linux Security Advisory

FreeBSD: VID-93F8E0FF-F33D-11E8-BE46-0019DBB15B3F (CVE-2018-7489): payara -- Default typing issue in Jackson Databind

Oracle WebLogic: CVE-2018-7489 : Critical Patch Update

Debian: CVE-2018-7489: jackson-databind -- security update

Red Hat JBoss EAP: Incomplete Blacklist (CVE-2018-7489)

Red Hat OpenShift: CVE-2018-7489: jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

Oracle Database: Critical Patch Update - July 2018 (CVE-2017-15095)

Red Hat OpenShift: CVE-2017-15095: jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)

Oracle WebLogic: CVE-2017-7525 : Critical Patch Update

Red Hat OpenShift: CVE-2017-7525: jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

Red Hat JBoss EAP: Incomplete Blacklist (CVE-2017-7525)

Red Hat JBoss EAP: Deserialization of Untrusted Data (CVE-2017-15095)

Red Hat JBoss EAP: Incomplete Blacklist (CVE-2018-5968)

Red Hat OpenShift: CVE-2018-5968: jackson-databind: unsafe deserialization due to incomplete blacklist (incomplete fix for CVE-2017-7525 and CVE-2017-17485)

Debian: CVE-2018-5968: jackson-databind -- security update

Apache Struts: S2-055 (CVE-2017-7525): Security updates available for Apache Struts

Red Hat JBoss EAP: Deserialization of Untrusted Data (CVE-2017-17485)

Debian: CVE-2017-17485: jackson-databind -- security update

Red Hat OpenShift: CVE-2017-17485: jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)