Moderate severity vulnerability that affects com.fasterxml.jackson.dataformat:jackson-dataformat-xml

2018-10-18T17:43:28
ID GHSA-7C2R-3JQF-C9RW
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:04

Description

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.