Vulnerability

CVE-2023-4218

 Report advisory or correction

CVSS Score 5.0 medium

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-611

References

https://gitlab.eclipse.org/security/cve-assignement/-/issues/8
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8
https://github.com/advisories/GHSA-j24h-xcpc-9jw8
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4218

[CVE-2023-4218] CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Description

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).

Deviation Notice:
Sonatype's research suggests that this CVE's details differ from those defined at NVD or other reporting sources; sign in for details.

Sign up and see:

Detailed deviation notices:
  • Detailed deviations
  • References
  • Custom Descriptions [Coming Soon]
Sign Up
See org.eclipse.emf/org.eclipse.emf.ecore.xmi package information