Fasterxml Jackson-Dataformat-Xml vulnerabilities
2 known vulnerabilities affecting fasterxml/jackson-dataformat-xml.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2016-7051HIGHCVSS 8.6fixed in 2.7.8v2.8.0+3 more2017-04-14
CVE-2016-7051 [HIGH] CWE-611 CVE-2016-7051: XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
nvd
CVE-2016-3720CRITICALCVSS 9.8≤ 2.7.32016-06-10
CVE-2016-3720 [CRITICAL] CWE-611 CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka j
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
nvd