[CVE-2020-25649] CWE-611: Improper Restriction of XML External Entity Reference ('XXE')
Description
A flaw was found in FasterXML Jackson Databind, which did not properly secure entity expansion. This flaw leaves it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity.