In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
History
No history.
MITRE
Status: PUBLISHED
Assigner: eclipse
Published: 2023-11-09T08:26:51.567Z
Updated: 2024-09-03T19:26:14.225Z
Reserved: 2023-08-08T06:06:20.616Z
Link: CVE-2023-4218
Vulnrichment
Updated: 2024-08-02T07:17:12.212Z
NVD
Status: Analyzed
Published: 2023-11-09T09:15:08.320
Modified: 2023-11-24T18:25:48.900
Link: CVE-2023-4218
Redhat
No data.