Vulnerability Description
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 24 |
| Fasterxml | Jackson-Dataformat-Xml | <= 2.7.3 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.htmlThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.htmlThird Party Advisory
FAQ
What is CVE-2016-3720?
CVE-2016-3720 is a vulnerability with a CVSS score of 9.8 (CRITICAL). XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
How severe is CVE-2016-3720?
CVE-2016-3720 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-3720?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Fasterxml Jackson-Dataformat-Xml.