Server-Side Request Forgery (SSRF) Affecting com.fasterxml.jackson.dataformat:jackson-dataformat-xml package, versions [2.7.4,2.7.8) [2.8.0,2.8.4]
28 Mar 2017
15 Apr 2016
com.fasterxml.jackson.dataformat:jackson-dataformat-xml is a data format extension for Jackson that offers alternative support for serializing POJOs as XML and deserializing XML as POJOs.
A flaw was found in jackson-dataformat-xml's XmlMapper which allows an XXE out-of-band attack. An attacker could use this flaw to launch an SSRF attack.
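For applications that build their own `XmlMapper`, the following added example (not code from the advisory or from the Jackson project) shows one way to switch off DTD processing and external entity resolution on the underlying StAX parser explicitly. The class names `HardenedXmlMapper` and `Note` and the sample documents are assumptions made for illustration.

```java
import com.fasterxml.jackson.dataformat.xml.XmlFactory;
import com.fasterxml.jackson.dataformat.xml.XmlMapper;
import javax.xml.stream.XMLInputFactory;

public class HardenedXmlMapper {

    // Hypothetical POJO used only for this example.
    public static class Note {
        public String body;
    }

    // Build an XmlMapper whose StAX input factory has DTD support and
    // external entity resolution disabled, rather than relying on defaults.
    public static XmlMapper create() {
        XMLInputFactory in = XMLInputFactory.newFactory();
        in.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        in.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return new XmlMapper(new XmlFactory(in));
    }

    // Parse untrusted XML and report a parser rejection instead of
    // letting the exception propagate to the caller.
    public static String parseBody(XmlMapper mapper, String xml) {
        try {
            return "parsed: " + mapper.readValue(xml, Note.class).body;
        } catch (Exception e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        XmlMapper mapper = create();

        // Constructed sample inputs. The second declares only an internal
        // entity, which is enough to exercise the DTD handling path.
        String plain = "<Note><body>hello</body></Note>";
        String withDtd = "<!DOCTYPE Note [<!ENTITY e \"expanded\">]>"
                + "<Note><body>&e;</body></Note>";

        System.out.println(parseBody(mapper, plain));
        // With DTD support off the declaration is not processed, so the
        // entity text must not appear in the result; whether the parser
        // throws here depends on the StAX implementation in use.
        System.out.println(parseBody(mapper, withDtd));
    }
}
```

Running the second input against both the application's current mapper and the hardened one is a quick regression check that entity declarations in untrusted XML are no longer honoured.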