VulnerableCode Package Details - pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml@2.8.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-hwnx-vf4v-f3db Aliases: CVE-2020-24616 GHSA-h3cw-g4mq-c5x2	Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).	2.10.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-hwnx-vf4v-f3db
Aliases:
CVE-2020-24616
GHSA-h3cw-g4mq-c5x2

Code Injection in jackson-databind This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

2.10.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ekx6-m3n8-1bcw	XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.	CVE-2016-7051 GHSA-7c2r-3jqf-c9rw

Vulnerability

Summary

Aliases

VCID-ekx6-m3n8-1bcw

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

CVE-2016-7051
GHSA-7c2r-3jqf-c9rw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:06:41.902102+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.4.0
2026-04-16T20:49:16.985009+00:00	GitLab Importer	Fixing	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.4.0
2026-04-11T22:18:16.482992+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.3.0
2026-04-11T22:00:19.189970+00:00	GitLab Importer	Fixing	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.3.0
2026-04-02T22:30:18.123750+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.1.0
2026-04-02T22:13:24.845905+00:00	GitLab Importer	Fixing	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.1.0
2026-04-01T16:48:25.057815+00:00	GitLab Importer	Affected by	VCID-hwnx-vf4v-f3db	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2020-24616.yml	38.0.0
2026-04-01T15:57:01.502099+00:00	GHSA Importer	Fixing	VCID-ekx6-m3n8-1bcw	https://github.com/advisories/GHSA-7c2r-3jqf-c9rw	38.0.0
2026-04-01T13:03:33.283026+00:00	GithubOSV Importer	Fixing	VCID-ekx6-m3n8-1bcw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-7c2r-3jqf-c9rw/GHSA-7c2r-3jqf-c9rw.json	38.0.0
2026-04-01T12:48:06.288465+00:00	GitLab Importer	Fixing	VCID-ekx6-m3n8-1bcw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/CVE-2016-7051.yml	38.0.0