Description
A flaw was found in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect the codehaus jackson-mapper-asl libraries, but in different classes.
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus's jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.
Report
Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | jackson-mapper-asl | Out of support scope | ||
| Red Hat Decision Manager 7 | jackson-mapper-asl | Will not fix | ||
| Red Hat JBoss A-MQ 6 | jackson-mapper-asl | Out of support scope | ||
| Red Hat JBoss BRMS 5 | jackson-mapper-asl | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | jackson-mapper-asl | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | jackson-mapper-asl | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | jackson-mapper-asl | Out of support scope | ||
| Red Hat JBoss Fuse 6 | jackson-mapper-asl | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | jackson-mapper-asl | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | jackson-mapper-asl | Out of support scope | ||
Additional information
Status:
EPSS
5.9 Medium
CVSS3
Related vulnerabilities
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
A vulnerability in the org.codehaus.jackson component of the jackson-mapper-asl library that allows an attacker to affect data integrity