CVE-2016-3720

CVE-2016-3720 describes an XML External Entity (XXE) vulnerability in Jackson’s Data format extension, jackson-dataformat-xml, specifically in XmlMapper. The connected documents corroborate a related XXE issue affecting jackson-mapper-asl and related Codehaus Jackson libraries, and reference warn...

CVE-2016-7051

CVE-2016-7051 affects jackson-dataformat-xml (XmlMapper). The vulnerability is a server-side request forgery (SSRF) flaw related to DTD handling, present in XmlMapper before 2.7.8 and in 2.8.x before 2.8.4. Impact is described as potential SSRF; exploit details are not provided in the initial doc...