[MAVEN:GHSA-7C2R-3JQF-C9RW] jackson-dataformat-xml vulnerable to server side request forgery (SSRF)

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1

Versions of jackson-dataformat-xml prior to 2.7.8, and 2.8.x versions prior to 2.8.4, allow remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

ID: MAVEN:GHSA-7C2R-3JQF-C9RW
Severity: high
URL: https://github.com/advisories/GHSA-7c2r-3jqf-c9rw
Published: 2018-10-18T17:43:28 (6 years ago)
Modified: 2023-01-08T05:02:44 (20 months ago)
Rights: Maven Security Team
Other Advisories
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat | jackson-dataformat-xml | >= 2.8.0 < 2.8.4 | | | |
| Fixed | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat | jackson-dataformat-xml | = 2.8.4 | | | |
| Affected | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat | jackson-dataformat-xml | < 2.7.8 | | | |
| Fixed | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat | jackson-dataformat-xml | = 2.7.8 | | | |