CVE-2017-7525 is a Vulnerability in `jackson-databind`, not Apache Struts

# Description

According to [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-7525), [CVE-2017-7525](https://github.com/VulnerabilityHistoryProject/struts-vulnerabilities/blob/da711b547095f1f5ec8242739f9d7604ef7e85ae/cves/CVE-2017-7525.yml) is a vulnerability in [jackson-databind](https://github.com/FasterXML/jackson-databind), not Apache Struts. The vulnerability was fixed in FasterXML/jackson-databind#1599. Apache Struts was merely modified in https://github.com/apache/struts/commit/0d42ff50ac147df883372c0c513734af8abaee39, https://github.com/apache/struts/commit/941374ecdb99ccc316f6b527b8df0f1cf2bb80c0, and https://github.com/apache/struts/commit/a2824b7c87659c0c8f8cfc4b1b1fe2cc60b19138 to upgrade to Jackson version 2.9.2.

Should CVE-2017-7525 be curated as a vulnerability in the Apache Struts project?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2017-7525 is a Vulnerability in `jackson-databind`, not Apache Struts #54

Description

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

CVE-2017-7525 is a Vulnerability in jackson-databind, not Apache Struts #54

Description

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions

CVE-2017-7525 is a Vulnerability in `jackson-databind`, not Apache Struts #54