First published: Wed May 29 2019
A flaw was found in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to <a href="https://access.redhat.com/security/cve/CVE-2016-3720">CVE-2016-3720</a> also affect the codehaus jackson-mapper-asl libraries, but in different classes. References: <a href="https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721">https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721</a>
Affected Software | Affected Version | How to fix |
---|---|---|
FasterXML Jackson Mapper ASL | >=1.9.0 |
The severity of REDHAT-BUG-1715075 is high due to the potential for XML external entity vulnerabilities.
To fix REDHAT-BUG-1715075, update to a patched version of the jackson-mapper-asl library that addresses the vulnerability.
Versions of org.codehaus.jackson:jackson-mapper-asl starting from 1.9.0 and prior to the patched release are affected by REDHAT-BUG-1715075.
The vulnerability REDHAT-BUG-1715075 impacts the org.codehaus.jackson:jackson-mapper-asl library.
While specific exploits for REDHAT-BUG-1715075 have not been publicly disclosed, the vulnerability type suggests it could be exploited in scenarios where XML input is processed.
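To find where the affected library is in use, the check below (an added example, not part of the advisory or of any Red Hat or SecAlerts tooling) scans a Maven POM for org.codehaus.jackson:jackson-mapper-asl and compares its version against the 1.9.0 lower bound from the table above. The page names no fixed version, so everything at or above 1.9.0 is reported; the function names, status strings and `SAMPLE_POM` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Coordinates and lower bound come from the advisory's affected-software table.
GROUP, ARTIFACT = "org.codehaus.jackson", "jackson-mapper-asl"
FIRST_AFFECTED = (1, 9, 0)
# Constructed sample POM (not from the advisory).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson1.version>1.9.13</jackson1.version></properties>
  <dependencies><dependency>
    <groupId>org.codehaus.jackson</groupId>
    <artifactId>jackson-mapper-asl</artifactId>
    <version>${jackson1.version}</version>
  </dependency></dependencies>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def _version_tuple(text):
    # "1.9.13-redhat-3" -> (1, 9, 13); "1.9" -> (1, 9, 0); no digits -> None
    m = re.match(r"\d+(?:\.\d+)*", text)
    parts = [int(p) for p in m.group().split(".")] if m else []
    return tuple(parts + [0] * (3 - len(parts))) if parts else None

def find_affected(pom_text):
    """Return [(version, status)] for every jackson-mapper-asl dependency."""
    if "<!DOCTYPE" in pom_text:  # a POM needs no DTD; refuse rather than parse it
        raise ValueError("POM contains a DOCTYPE")
    root = ET.fromstring(pom_text)
    props, deps = {}, []
    for el in root.iter():
        if _local(el.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in el})
        elif _local(el.tag) == "dependency":
            deps.append({_local(c.tag): (c.text or "").strip() for c in el})
    findings = []
    for dep in deps:
        if (dep.get("groupId"), dep.get("artifactId")) != (GROUP, ARTIFACT):
            continue
        raw = dep.get("version", "")  # may be a ${property} reference
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        parsed = _version_tuple(version)
        if parsed is None:  # inherited or undefined: check the parent POM
            status = "unresolved"
        else:
            status = "affected" if parsed >= FIRST_AFFECTED else "below-range"
        findings.append((version or "(inherited)", status))
    return findings
```

A result of `unresolved` means the version is set in a parent POM or an undefined property, so the parent has to be checked as well.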