XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) prior to 2.7.8 and 2.8.x prior to 2.8.4 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fasterxml jackson-dataformat-xml 2.8.3 |
||
fasterxml jackson-dataformat-xml 2.8.0 |
||
fasterxml jackson-dataformat-xml 2.8.1 |
||
fasterxml jackson-dataformat-xml |
||
fasterxml jackson-dataformat-xml 2.8.2 |