CVE-2017-15095— FasterXML Jackson-databind 代码问题漏洞

EPSS 8.61% · P92 更新于 2026-02-21

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2017-15095 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

来源: 美国国家漏洞数据库 NVD

CVSS Information

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

不完整的黑名单

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

FasterXML Jackson-databind 代码问题漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

FasterXML jackson-databind是FasterXML公司的一个基于JAVA可以将XML和JSON等数据格式与JAVA对象进行转换的库。Jackson可以轻松的将Java对象转换成json对象和xml文档，同样也可以将json、xml转换成Java对象。 FasterXML Jackson-databind 2.8.10之前版本和2.9.1之前版本中存在代码问题漏洞。攻击者可通过向ObjectMapper的readValue方法发送特制的输入利用该漏洞执行代码。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
FasterXML	jackson-databind	before 2.8.10	-

二、漏洞 CVE-2017-15095 的公开POC

#	POC 描述	源链接	神龙链接
1	None	https://github.com/andikahilmy/CVE-2017-15095-jackson-databind-vulnerable	POC详情

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2017-15095 的情报信息

Please 登录 to view more intelligence information

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1737x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20171214-0003/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1680x_refsource_CONFIRM
http://www.securityfocus.com/bid/103880vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039769vdb-entryx_refsource_SECTRACK
https://www.debian.org/security/2017/dsa-4037vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0481vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3189vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3190vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0577vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0342vendor-advisoryx_refsource_REDHAT
RHSA-2018:1450 - Security Advisory - Red Hat Customer Portalvendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3892vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2927vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0479vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1451vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0478vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1447vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0576vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2858vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1448vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0480vendor-advisoryx_refsource_REDHAT
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3Emailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2017-15095

IV. Related Vulnerabilities

Same product: jackson-databind

Same vendor: FasterXML

Same weakness: CWE-184

V. Comments for CVE-2017-15095

暂无评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2017-15095— FasterXML Jackson-databind 代码问题漏洞

一、漏洞 CVE-2017-15095 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2017-15095 的公开POC

三、漏洞 CVE-2017-15095 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2017-15095

发表评论

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2017-15095— FasterXML Jackson-databind 代码问题漏洞

一、 漏洞 CVE-2017-15095 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2017-15095 的公开POC

三、漏洞 CVE-2017-15095 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2017-15095

发表评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2017-15095 基础信息