High severity8.6NVD Advisory· Published Apr 14, 2017· Updated Jun 17, 2026
CVE-2016-7051
CVE-2016-7051
Description
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.fasterxml.jackson.dataformat:jackson-dataformat-xmlMaven | < 2.7.8 | 2.7.8 |
com.fasterxml.jackson.dataformat:jackson-dataformat-xmlMaven | >= 2.8.0, < 2.8.4 | 2.8.4 |
Affected products
8cpe:2.3:a:fasterxml:jackson-dataformat-xml:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:fasterxml:jackson-dataformat-xml:*:*:*:*:*:*:*:*range: <2.7.8
- cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.8.0:-:*:*:*:*:*:*
- cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.8.3:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- github.com/FasterXML/jackson-dataformat-xml/issues/211nvdIssue TrackingPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/97688nvdThird Party AdvisoryVDB EntryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-7c2r-3jqf-c9rwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-7051ghsaADVISORY
News mentions
0No linked articles in our index yet.