Thank you for clarifying this; it wasn't clear to me what kind of issue that Jackson vulnerability was.

Kind regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2017-12-08 2:09 GMT+01:00 <darrell.am...@wellsfargo.com.invalid>:
> Hello,
>
> I think it would be appropriate to update the Impact of Vulnerability to
> indicate that this issue could be used for remote code execution. The
> conversation in the Jackson Project Issues:
> https://github.com/FasterXML/jackson-databind/issues/1599 and articles such
> as https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/
> make this fairly clear.
>
> Users might be more concerned if the potential impact was more clearly
> identified.
>
> Thanks,
>
> Darrell Ambro CISSP, CSSLP, GWAPT
>
> Cyber Security Research Scientist
> Technical Lead - Dynamic Application Security Testing
> Wells Fargo Cyber Threat Management