CVE-2017-15095 & CVE-2017-7525 -S2-054 & S2-055 has been fixed in the version 2.5.14.1
We are using struts2 version 2.5.13. not using struts based REST plugin but using below jackson versions I'm confused on the problem statements of these 2 CVEs reported , is this impact for those using Struts based REST plugin ? I'm not using this but below jackson versions are being used . are we impacted ? please confirm along with detailed problem statement who will be impacted on these 2CVEs. jackson-annotations-2.7.0.jar jackson-module-jaxb-annotations-2.7.1.jar jackson-jaxrs-json-provider-2.7.1.jar jackson-jaxrs-base-2.7.1.jar jackson-databind-2.7.1.jar jackson-core-2.7.1.jar Thanks