CVE-2019-10172 - XML External Entity (XXE)

Severity: High2022-01-19

Security Advisories


A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

The Oxygen products incorporate Jackson as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML Web Author v22.1.0 High Oxygen XML Web Author build 2021122014





Severity: High

CVSS Score: 7.5

The Jackson third-party library used by Oxygen XML products is an affected version mentioned in CVE-2019-10172 vulnerability description.

Starting with Oxygen XML Web Author v23.1 Jackson library was updated to v2.11.0 which fixes this vulnerability.

List of Security Advisories