{"uuid": "caf45b37-7379-4106-b11d-b7ef3ba70761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-7525", "type": "seen", "source": "https://t.me/arpsyndicate/1482", "content": "#ExploitObserverAlert\n\nCVE-2017-17485\n\nDESCRIPTION: Exploit Observer has 60 entries related to CVE-2017-17485. FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.\n\nFIRST-EPSS: 0.107410000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-06T12:41:09.000000Z"}