In Eclipse Sphinx™ before version 0.13.1, the Apache Xerces XML parser was used without disabling the processing of referenced external entities. This allows the injection of arbitrary entity definitions that can access local files and expose their contents via HTTP requests.
Advisories
Source | ID | Title |
---|---|---|
 | EUVD-2022-35072 | In Eclipse Sphinx™ before version 0.13.1, the Apache Xerces XML parser was used without disabling the processing of referenced external entities, allowing the injection of arbitrary definitions that can access local files and expose their contents via HTTP requests. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
Link | Providers |
---|---|
https://bugs.eclipse.org/580542 | |
History
No history.

Status: PUBLISHED
Assigner: eclipse
Published:
Updated: 2024-08-03T00:52:59.807Z
Reserved: 2022-08-16T00:00:00
Link: CVE-2022-2838

No data.

Status : Modified
Published: 2022-08-16T10:15:08.360
Modified: 2024-11-21T07:01:46.940
Link: CVE-2022-2838
