In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2023-11-09T08:26:51.567Z

Updated: 2024-09-03T19:26:14.225Z

Reserved: 2023-08-08T06:06:20.616Z

Link: CVE-2023-4218

Vulnrichment

Updated: 2024-08-02T07:17:12.212Z

NVD

Status: Analyzed

Published: 2023-11-09T09:15:08.320

Modified: 2023-11-24T18:25:48.900

Link: CVE-2023-4218

Redhat

No data.