Описание
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.8.5-1 |
| cosmic | not-affected | 2.8.5-1 |
| devel | not-affected | 2.8.5-1 |
| disco | not-affected | 2.8.5-1 |
| eoan | not-affected | 2.8.5-1 |
| esm-apps/bionic | not-affected | 2.8.5-1 |
| esm-apps/focal | not-affected | 2.8.5-1 |
| esm-apps/jammy | not-affected | 2.8.5-1 |
| esm-apps/noble | not-affected | 2.8.5-1 |
Показывать по
5 Medium
CVSS2
8.6 High
CVSS3
Связанные уязвимости
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.
XmlMapper in the Jackson XML dataformat component (aka jackson-datafor ...
jackson-dataformat-xml vulnerable to server side request forgery (SSRF)
5 Medium
CVSS2
8.6 High
CVSS3