Описание
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
Ссылки
- Patch
- Issue TrackingThird Party Advisory
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- ExploitIssue TrackingVendor Advisory
- Patch
- Issue TrackingThird Party Advisory
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 4.29 (исключая)Версия до 3.29.0 (исключая)Версия до 3.13.2400 (исключая)
Одно из
cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:org.eclipse.core.runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:pde:*:*:*:*:*:*:*:*
EPSS
Процентиль: 6%
0.00026
Низкий
5 Medium
CVSS3
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 5
ubuntu
больше 1 года назад
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CVSS3: 5
debian
больше 1 года назад
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content a ...
EPSS
Процентиль: 6%
0.00026
Низкий
5 Medium
CVSS3
Дефекты
CWE-611
CWE-611