Описание
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2.9.8-1 |
| cosmic | ignored | end of life |
| devel | not-affected | 2.9.7 |
| disco | not-affected | 2.9.7 |
| eoan | not-affected | 2.9.7 |
| esm-apps/bionic | not-affected | 2.9.8-1 |
| esm-apps/focal | not-affected | 2.9.7 |
| esm-apps/jammy | not-affected | 2.9.7 |
| esm-apps/noble | not-affected | 2.9.7 |
| esm-apps/xenial | released | 2.4.2-3ubuntu0.1~esm2 |
Показывать по
Ссылки на источники
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to c ...
XML External Entity Reference (XXE) in jackson-databind
Уязвимость библиотеки jackson-databind, связанная с ошибкой ограничения XML-ссылок на внешние объекты, позволяющая нарушителю осуществить XXE-атаку
7.5 High
CVSS2
9.8 Critical
CVSS3