Maven package

com.fasterxml.jackson.dataformat/jackson-dataformat-xml

pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml

Vulnerabilities (2)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2016-7051	Hig	8.6		< 2.7.8	2.7.8	Apr 14, 2017	XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
CVE-2016-3720	Cri	9.8		< 2.7.4	2.7.4	Jun 10, 2016	XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

CVE-2016-7051HigApr 14, 2017
affected < 2.7.8fixed 2.7.8
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
CVE-2016-3720CriJun 10, 2016
affected < 2.7.4fixed 2.7.4
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.