Including Struts Security team

On Wed, Dec 6, 2017 at 12:06 PM, upendar devu <devulapal...@gmail.com> wrote:
> CVE-2017-15095 & CVE-2017-7525 - S2-054 & S2-055 has been fixed in the
> version 2.5.14.1
>
> We are using struts2 version 2.5.13. Not using struts based REST plugin
> but using below jackson versions
>
> I'm confused on the problem statements of these 2 CVEs reported, is this
> impact for those using Struts based REST plugin? I'm not using this but
> below jackson versions are being used. Are we impacted? Please confirm
> along with detailed problem statement on these 2 CVEs.
>
> jackson-annotations-2.7.0.jar
> jackson-module-jaxb-annotations-2.7.1.jar
> jackson-jaxrs-json-provider-2.7.1.jar
> jackson-jaxrs-base-2.7.1.jar
> jackson-databind-2.7.1.jar
> jackson-core-2.7.1.jar
>
> Thanks