Skip to content

Jackson Deserializer security vulnerability via default typing (CVE-2017-7525) #1599

New issue
New issue
Closed
Closed
Jackson Deserializer security vulnerability via default typing (CVE-2017-7525)#1599
Graylog2/graylog2-server
#3908
 (+1)
Labels
CVEIssues related to public CVEs (security vuln reports)
Milestone
2.8.9
@ayound

Description

@ayound
ayound
opened on Apr 11, 2017

I have send email to [email protected]

EDIT: (23-Apr-2024)

Fix in:

  • 2.7.9.1
  • 2.8.9
  • 2.9.0 and all later 2.x releases

Metadata

Metadata

Assignees

No one assigned

    Labels

    CVEIssues related to public CVEs (security vuln reports)

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions