CVE-2016-3720

Severity
9.8 CRITICAL
EPSS
0.1%
top 70.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 10
Latest update: Feb 4

Description

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 4 packages

Also affects: Fedora 24

Vulnerability Details (5)

GHSA
Improper Restriction of XML External Entity Reference in jackson-mapper-asl (2020-02-04)
OSV
jackson-dataformat-xml vulnerable to XML external entity (XXE) (2018-10-18)
GHSA
jackson-dataformat-xml vulnerable to XML external entity (XXE) (2018-10-18)
OSV
CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have un (2016-06-10)
CVEList
CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have un (2016-06-10)

Vendor Advisories (2)

Red Hat
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (2019-11-18)
Debian
CVE-2016-3720: jackson-dataformat-xml - XML external entity (XXE) vulnerability in XmlMapper in the Data format extensio... (2016)

Community (3)

Bugzilla
CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (2019-05-29)
Bugzilla
CVE-2016-7051 jackson-dataformat-xml: XmlMapper is vulnerable to SSRF attack (2016-09-23)
Bugzilla
CVE-2016-3720 jackson-dataformat-xml: XmlMapper is vulnerable to XXE attack (2016-04-19)