[MAVEN:GHSA-HMQ6-FRV3-4727] jackson-dataformat-xml vulnerable to XML external entity (XXE)
Severity
Critical
Affected Packages
1
Fixed Packages
1
CVEs
1
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
| Package | Affected Version |
|---|---|
 pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml
|
< 2.7.4 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml
|
= 2.7.4 |
- ID
- MAVEN:GHSA-HMQ6-FRV3-4727
- Severity
- critical
- URL
- https://github.com/advisories/GHSA-hmq6-frv3-4727
- Published
-
2018-10-18T17:43:16
(6 years ago) - Modified
-
2023-01-08T05:03:02
(20 months ago) - Rights
- Maven Security Team
- Other Advisories
FEDORA-2016-13b4cae9df| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat |
jackson-dataformat-xml
|
< 2.7.4 | |||
| Fixed | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml | com.fasterxml.jackson.dataformat |
jackson-dataformat-xml
|
= 2.7.4 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |