FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-02T18:00:00
Updated: 2020-08-31T13:06:09
Reserved: 2018-07-28T00:00:00
Link: CVE-2018-14720
JSON object: View
NVD Information
Status : Modified
Published: 2019-01-02T18:29:00.467
Modified: 2023-11-07T02:53:01.137
Link: CVE-2018-14720
JSON object: View
Redhat Information
No data.