Description
A series of deserialization vulnerabilities has been discovered in Codehaus 1.9.x as implemented in EAP 7. The fix for this CVE addresses CVE-2017-17485, CVE-2017-7525, CVE-2017-15095, CVE-2018-5968, CVE-2018-7489, CVE-2018-1000873 and CVE-2019-12086, which were reported for FasterXML jackson-databind, by implementing a whitelist approach that mitigates these vulnerabilities and future ones alike.