Описание
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.
Ссылки
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.19.0 (исключая)
cpe:2.3:a:redhat:vscode-xml:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00384
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-918
CWE-400
Связанные уязвимости
CVSS3: 9.1
github
почти 4 года назад
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
EPSS
Процентиль: 59%
0.00384
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-918
CWE-400