High severity8.6NVD Advisory· Published Apr 14, 2017· Updated May 13, 2026
CVE-2016-7051
CVE-2016-7051
Description
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.fasterxml.jackson.dataformat:jackson-dataformat-xmlMaven | < 2.7.8 | 2.7.8 |
com.fasterxml.jackson.dataformat:jackson-dataformat-xmlMaven | >= 2.8.0, < 2.8.4 | 2.8.4 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/FasterXML/jackson-dataformat-xml/issues/211nvdIssue TrackingPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/97688nvdThird Party AdvisoryVDB EntryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-7c2r-3jqf-c9rwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-7051ghsaADVISORY
News mentions
0No linked articles in our index yet.