Server-side request forgery (SSRF) In com.fasterxml.jackson.dataformat:jackson-dataformat-xml
Description
jackson-dataformat-xml vulnerable to server side request forgery (SSRF) Versions of jackson-dataformat-xml) prior to 2.7.8 and prior to 2.8.4 allow remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 maven | 2.7.8, 2.8.4 | ||
 debian 14 | 2.8.5-1 | ||
debian 13 | 2.8.5-1 | ||
debian 11 | 2.8.5-1 | ||
debian 12 | 2.8.5-1 |
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2. 3. 4.