mirror of
https://github.com/0xMarcio/cve.git
synced 2026-04-21 09:56:14 +02:00
0xMarcio
3.3 KiB
3.3 KiB
CVE-2017-17485
Description
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
POC
Reference
- https://github.com/irsl/jackson-rce-via-spel/
- https://www.oracle.com/security-alerts/cpuoct2020.html
Github
- https://github.com/A-TPL-Bench/LibHunter
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
- https://github.com/Al1ex/CVE-2017-17485
- https://github.com/Anonymous-Phunter/PHunter
- https://github.com/BassinD/jackson-RCE
- https://github.com/BrittanyKuhn/javascript-tutorial
- https://github.com/CGCL-codes/LibHunter
- https://github.com/CGCL-codes/PHunter
- https://github.com/CrackerCat/myhktools
- https://github.com/Drun1baby/JavaSecurityLearning
- https://github.com/GhostTroops/myhktools
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
- https://github.com/LibHunter/LibHunter
- https://github.com/OWASP/www-project-ide-vulscanner
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/Pear1y/Vuln-Env
- https://github.com/Pear1y/VulnEnv
- https://github.com/SarthakShieldersoft/TestVWA
- https://github.com/ShiftLeftSecurity/HelloShiftLeft-Scala
- https://github.com/SugarP1g/LearningSecurity
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bkhablenko/CVE-2017-8046
- https://github.com/boonyashka/scala
- https://github.com/conikeec/helloshiftleftplay
- https://github.com/do0dl3/myhktools
- https://github.com/hdgittest/HelloShiftLeft-Scala
- https://github.com/hdgittest/HelloshiftLeft_scala
- https://github.com/hktalent/myhktools
- https://github.com/ilmari666/cybsec
- https://github.com/iqrok/myhktools
- https://github.com/irsl/jackson-rce-via-spel
- https://github.com/killvxk/Awesome-Exploit
- https://github.com/klarna/kco_rest_java
- https://github.com/klausware/Java-Deserialization-Cheat-Sheet
- https://github.com/maxbitcoin/Jackson-CVE-2017-17485
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
- https://github.com/mymortal/expcode
- https://github.com/ongamse/Scala
- https://github.com/rootsecurity/Jackson-CVE-2017-17485
- https://github.com/seal-community/patches
- https://github.com/shadowsock5/jackson-databind-POC
- https://github.com/tafamace/CVE-2017-17485
- https://github.com/touchmycrazyredhat/myhktools
- https://github.com/trhacknon/myhktools
- https://github.com/wahyuhadi/spel.xml
- https://github.com/x7iaob/cve-2017-17485
- https://github.com/yahoo/cubed