{"id":"CVE-2016-3720","details":"XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.","aliases":["GHSA-hmq6-frv3-4727"],"modified":"2026-04-16T06:23:48.713984840Z","published":"2016-06-10T15:59:04.297Z","references":[{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fasterxml/jackson-dataformat-xml","events":[{"introduced":"0"},{"last_affected":"32f9b60809c457b4751dfe045cf19c8387f5a043"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.3"}]}}],"versions":["jackson-dataformat-xml-2.0.0","jackson-dataformat-xml-2.0.1","jackson-dataformat-xml-2.0.2","jackson-dataformat-xml-2.0.3","jackson-dataformat-xml-2.0.4","jackson-dataformat-xml-2.1.0","jackson-dataformat-xml-2.1.1","jackson-dataformat-xml-2.1.2","jackson-dataformat-xml-2.2.0","jackson-dataformat-xml-2.2.1","jackson-dataformat-xml-2.2.2","jackson-dataformat-xml-2.3.0","jackson-dataformat-xml-2.3.1","jackson-dataformat-xml-2.4.0","jackson-dataformat-xml-2.4.1","jackson-dataformat-xml-2.4.2","jackson-dataformat-xml-2.4.3","jackson-dataformat-xml-2.5.0","jackson-dataformat-xml-2.6.0","jackson-dataformat-xml-2.6.1","jackson-dataformat-xml-2.6.2","jackson-dataformat-xml-2.7.0","jackson-dataformat-xml-2.7.1","jackson-dataformat-xml-2.7.2","jackson-dataformat-xml-2.7.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3720.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"24"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}