{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"critical"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-15095","title":"Title"},{"category":"description","text":"A deserialization flaw was discovered in jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525; it is addressed by blacklisting more classes that could be used maliciously.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-15095","url":"https://www.suse.com/security/cve/CVE-2017-15095"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1192165 for CVE-2017-15095","url":"https://bugzilla.suse.com/1192165"},{"category":"external","summary":"SUSE Bug 1193944 for CVE-2017-15095","url":"https://bugzilla.suse.com/1193944"},{"category":"external","summary":"SUSE Bug 1202327 for CVE-2017-15095","url":"https://bugzilla.suse.com/1202327"},{"category":"external","summary":"Advisory link for TID7023098","url":"https://www.suse.com/support/kb/doc/?id=7023098"},{"category":"external","summary":"Advisory link for TID7023117","url":"https://www.suse.com/support/kb/doc/?id=7023117"}],"title":"SUSE CVE CVE-2017-15095","tracking":{"current_release_date":"2025-07-01T02:30:38Z","generator":{"date":"2023-02-15T04:38:46Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-15095","initial_release_date":"2023-02-15T04:38:46Z","revision_history":[{"date":"2023-02-15T04:38:46Z","number":"2","summary":"Current version"},{"date":"2025-01-01T08:25:53Z","number":"3","summary":"Current version"},{"date":"2025-01-10T04:14:14Z","number":"4","summary":"Current version"},{"date":"2025-06-26T05:25:13Z","number":"5","summary":"Current version"},{"date":"2025-07-01T02:30:38Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}}}