Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fasterxml Subscribe
Filtered by product Jackson-dataformat-xml
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-7051 1 Fasterxml 1 Jackson-dataformat-xml 2019-10-10 5.0 MEDIUM 8.6 HIGH
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
CVE-2016-3720 2 Fasterxml, Fedoraproject 2 Jackson-dataformat-xml, Fedora 2019-10-10 7.5 HIGH 9.8 CRITICAL
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.