Search for packages
| purl | pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.6.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ekx6-m3n8-1bcw
Aliases: CVE-2016-7051 GHSA-7c2r-3jqf-c9rw |
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-hwnx-vf4v-f3db
Aliases: CVE-2020-24616 GHSA-h3cw-g4mq-c5x2 |
Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). |
Affected by 0 other vulnerabilities. |
|
VCID-kfr9-3795-1yes
Aliases: CVE-2016-3720 GHSA-hmq6-frv3-4727 |
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||