Re: [ANN] [APACHE STRUTS] Security Bulletin S2-055: impact increased to High (related to CVE-2017-7525 - JSON Jackson library)

2017-12-12 Thread upendar devu
Could someone please confirm what Jackson databind versions are impacted? We are using 2.7.1 version. On Tue, Dec 12, 2017 at 9:45 AM, Lukasz Lenart wrote: > 2017-12-12 15:29 GMT+01:00 Emi : > > Hello, > >> > >> vulnerability exists in a JSON Jackson library and it's registered under > >> CVE-

Re: Struts 2.5.14.1 version - Security fixes - Need clarifications

2017-12-06 Thread upendar devu
sily give. > > -- > _ > Adam Brin > Director of Technology, Digital Antiquity > 480.965.1278 > > > On Dec 6, 2017, at 12:33 PM, upendar devu > wrote: > > > > Thank you for the response. You mentioned that I'm still impacted even > > not sui

Re: Struts 2.5.14.1 version - Security fixes - Need clarifications

2017-12-06 Thread upendar devu
, Dec 6, 2017 at 1:35 PM, Yasser Zamani wrote: > > > On 12/6/2017 9:40 PM, upendar devu wrote: > > is this impact for those using Struts based REST plugin? > > CVE-2017-15707 [1] is for those using Struts' REST Plugin [2]. Before > 2.5.14.1 this plugin uses json-li

Struts 2.5.14.1 version - Security fixes - Need clarifications

2017-12-06 Thread upendar devu
CVE-2017-15095 & CVE-2017-7525 - S2-054 & S2-055 has been fixed in the version 2.5.14.1. We are using Struts2 version 2.5.13, not using Struts based REST plugin but using below Jackson versions. I'm confused on the problem statements of these 2 CVEs reported, is this impact for those using Struts