CVE-2018-14720 in jackson-databindinfo

Summary

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

07/28/2018

Disclosure

01/02/2019

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
128616FasterXML jackson-databind XML Data xml external entity reference611Not definedOfficial fixCVE-2018-14720

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!