You are here

XXE Vulnerability in Jackson

IDs: 
CVE-2016-3720
Keywords: 
java, XXE, XML, fasterxml, jackson
Description: 

XmlMapper in jackson-dataformat-xml prior to 2.7.4 is vulnerable to an XXE attack ("Improper Restriction of XML External Entity Reference") rated with CVSS severity 9.8.

Airlock IAM is not affected, as the 'dataformat' part of jackson is not included in the product.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required