com.fasterxml.jackson.dataformat:jackson-dataformat-xml (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.fasterxml.jackson.dataformat:jackson-dataformat-xml, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2016-3720 — CVSS 9.8 (critical): XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers…
CVE-2016-7051 — CVSS 8.6 (high): XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers…