XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
2016-06-10T15:59:04.297
2025-04-12T10:46:40.837
Deferred
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | fedoraproject | fedora | 24 | Yes |
| Application | fasterxml | jackson-dataformat-xml | ≤ 2.7.3 | Yes |