CVE-2018-5968 vulnerability in FasterXML and Other Products
Published on January 22, 2018

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-5968

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-5968 are published in these products:

FasterXML Jackson Databind

NetApp E Series Santricity Os Controller

NetApp E Series Santricity Web Services Proxy

NetApp Oncommand Shift

Red Hat Openshift Container Platform

Debian Linux

Exploit Probability

EPSS

1.74%

Percentile

82.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-5968 vulnerability in FasterXML and Other ProductsPublished on January 22, 2018

Products Associated with CVE-2018-5968

Exploit Probability

CVE-2018-5968 vulnerability in FasterXML and Other Products
Published on January 22, 2018