Описание
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:netbeans-mmd-plugin_project:netbeans-mmd-plugin:1.4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01349
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.
EPSS
Процентиль: 80%
0.01349
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-611