[MAVEN:GHSA-HMQ6-FRV3-4727] jackson-dataformat-xml vulnerable to XML external entity (XXE)
- Severity: Critical
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
Package | Affected Version |
---|---|
pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | < 2.7.4 |

Package | Fixed Version |
---|---|
pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | = 2.7.4 |
- ID: MAVEN:GHSA-HMQ6-FRV3-4727
- Severity: critical
- URL: https://github.com/advisories/GHSA-hmq6-frv3-4727
- Published: 2018-10-18T17:43:16 (6 years ago)
- Modified: 2023-01-08T05:03:02 (20 months ago)
- Rights: Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat | jackson-dataformat-xml | < 2.7.4 | | | |
Fixed | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat | jackson-dataformat-xml | = 2.7.4 | | | |