You are here
XXE Vulnerability in Jackson
Submitted on 16. June 2016 - 10:25 by Anonymous (not verified).
Last update on 18. August 2020 - 16:43.
Last update on 18. August 2020 - 16:43.
IDs:
CVE-2016-3720
Keywords:
java, XXE, XML, fasterxml, jackson
Description:
XmlMapper in jackson-dataformat-xml prior to 2.7.4 is vulnerable to an XXE attack ("Improper Restriction of XML External Entity Reference") rated with CVSS severity 9.8.
Airlock IAM is not affected, as the 'dataformat' part of jackson is not included in the product.
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
No action required
Reference: