VulnerableCode Package Details - pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.7.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-ekx6-m3n8-1bcw Aliases: CVE-2016-7051 GHSA-7c2r-3jqf-c9rw	XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.	2.7.8 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.8.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-hwnx-vf4v-f3db Aliases: CVE-2020-24616 GHSA-h3cw-g4mq-c5x2	Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).	2.10.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ekx6-m3n8-1bcw
Aliases:
CVE-2016-7051
GHSA-7c2r-3jqf-c9rw

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

2.7.8
Affected by 1 other vulnerability.

2.8.4
Affected by 1 other vulnerability.

VCID-hwnx-vf4v-f3db
Aliases:
CVE-2020-24616
GHSA-h3cw-g4mq-c5x2

Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

2.10.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-kfr9-3795-1yes	XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.	CVE-2016-3720 GHSA-hmq6-frv3-4727

Vulnerability

Summary

Aliases

VCID-kfr9-3795-1yes

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.

CVE-2016-3720
GHSA-hmq6-frv3-4727

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:06:41.863258+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.4.0
2026-04-16T20:49:16.943724+00:00	GitLab Importer	Affected by	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.4.0
2026-04-16T20:34:12.725741+00:00	GitLab Importer	Fixing	VCID-kfr9-3795-1yes	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-3720.yml	38.4.0
2026-04-16T01:25:23.538060+00:00	GHSA Importer	Fixing	VCID-kfr9-3795-1yes	https://github.com/advisories/GHSA-hmq6-frv3-4727	38.4.0
2026-04-11T22:18:16.438757+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.3.0
2026-04-11T22:00:19.144934+00:00	GitLab Importer	Affected by	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.3.0
2026-04-11T21:44:40.777325+00:00	GitLab Importer	Fixing	VCID-kfr9-3795-1yes	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-3720.yml	38.3.0
2026-04-11T12:54:42.012352+00:00	GHSA Importer	Fixing	VCID-kfr9-3795-1yes	https://github.com/advisories/GHSA-hmq6-frv3-4727	38.3.0
2026-04-02T22:30:18.083933+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.1.0
2026-04-02T22:13:24.803217+00:00	GitLab Importer	Affected by	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.1.0
2026-04-02T21:58:44.878330+00:00	GitLab Importer	Fixing	VCID-kfr9-3795-1yes	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-3720.yml	38.1.0
2026-04-02T13:47:18.449064+00:00	GHSA Importer	Fixing	VCID-kfr9-3795-1yes	https://github.com/advisories/GHSA-hmq6-frv3-4727	38.1.0
2026-04-01T16:48:25.010838+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.0.0
2026-04-01T16:30:48.740764+00:00	GitLab Importer	Affected by	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.0.0
2026-04-01T15:57:01.471561+00:00	GHSA Importer	Fixing	VCID-kfr9-3795-1yes	https://github.com/advisories/GHSA-hmq6-frv3-4727	38.0.0
2026-04-01T13:03:26.099265+00:00	GithubOSV Importer	Fixing	VCID-kfr9-3795-1yes	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-hmq6-frv3-4727/GHSA-hmq6-frv3-4727.json	38.0.0
2026-04-01T12:47:04.347005+00:00	GitLab Importer	Fixing	VCID-kfr9-3795-1yes	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-3720.yml	38.0.0