CVE-2019-10172 - XML External Entity (XXE)
Severity: High
2022-01-19
Abstract
A flaw was found in the org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect the Codehaus jackson-mapper-asl libraries, but in different classes.
The Oxygen products incorporate Jackson as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Web Author v22.1.0 | High | Oxygen XML Web Author 23.1.1.3 build 2021122014 |
Detail
CVE-2019-10172
Severity: High
CVSS Score: 7.5
The version of the Jackson third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2019-10172 vulnerability description.
Starting with Oxygen XML Web Author v23.1, the Jackson library was updated to v2.11.0, which fixes this vulnerability.
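To confirm whether a deployed archive still bundles the affected library, the following added example (not Oxygen's or Jackson's own code) scans a WAR or JAR, including nested archives, for jackson-mapper-asl 1.9.x. It assumes a copy can be identified by its Maven pom.properties or by the conventional jackson-mapper-asl-<version>.jar file name; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Coordinates named in the advisory: org.codehaus.jackson:jackson-mapper-asl:1.9.x
POM_PROPS = "META-INF/maven/org.codehaus.jackson/jackson-mapper-asl/pom.properties"
NAME_RE = re.compile(r"(?:^|/)jackson-mapper-asl-(\d[\w.\-]*)\.jar$")

def scan_archive(data, label):
    """Return [(location, version)] for each jackson-mapper-asl copy in an archive."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return []  # not a readable archive, nothing to report
    hits = []
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        if POM_PROPS in names:  # Maven metadata, when the jar carries it
            m = re.search(rb"^version=(\S+)", zf.read(POM_PROPS), re.MULTILINE)
            if m:
                hits.append((label, m.group(1).decode("utf-8", "replace")))
        for name in names:
            if name.lower().endswith((".jar", ".war", ".ear", ".zip")):
                where = f"{label}!/{name}"
                found = scan_archive(zf.read(name), where)  # e.g. WEB-INF/lib/*.jar
                m = NAME_RE.search(name)
                if not found and m:  # fall back to the conventional file name
                    found = [(where, m.group(1))]
                hits.extend(found)
    return hits

def affected_copies(data, label):
    """Keep only 1.9.x versions, the line the advisory names as affected."""
    return [(loc, v) for loc, v in scan_archive(data, label) if v.startswith("1.9.")]

def make_zip(entries):  # helper for the constructed sample only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample_war():
    """Constructed sample WAR: two 1.9.x copies (one renamed) and an unreadable jar."""
    by_name = make_zip({"org/codehaus/jackson/map/ObjectMapper.class": b""})
    by_meta = make_zip({POM_PROPS: b"version=1.9.2\n"})
    return make_zip({"WEB-INF/lib/jackson-mapper-asl-1.9.13.jar": by_name,
                     "WEB-INF/lib/mapper.jar": by_meta, "WEB-INF/lib/broken.jar": b"not a zip"})

if __name__ == "__main__":
    print(affected_copies(build_sample_war(), "sample.war"))
```

A copy that was repackaged into another jar without its Maven metadata is not detected by this check.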