Vulnerabilities > Fasterxml > Jackson Dataformat XML > 2.3.4

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2016-7051 Server-Side Request Forgery (SSRF) vulnerability in Fasterxml Jackson-Dataformat-Xml
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
network
low complexity
fasterxml CWE-918
5.0
5.0
2016-06-10 CVE-2016-3720 XML External Entity Injection vulnerability in FasterXML Jackson
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
network
low complexity
fedoraproject fasterxml
7.5
7.5