Description
A series of deserialization vulnerabilities has been discovered in Codehaus 1.9.x as implemented in EAP 7. The fix for this CVE addresses CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873, and CVE-2019-12086, which were reported for FasterXML jackson-databind, by implementing a whitelist approach that will mitigate these vulnerabilities and future ones alike.
Remediation
References