Overview
- Description
- In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
- Source
- emo@eclipse.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5
- Impact score
- 3.6
- Exploitability score
- 1.3
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B8336F1-FA6C-46B0-B4D2-F5B01D3F64DD",
"versionEndExcluding": "4.29"
},
{
"criteria": "cpe:2.3:a:eclipse:org.eclipse.core.runtime:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25A5577C-DC07-414F-AF2E-E45B65408680",
"versionEndExcluding": "3.29.0"
},
{
"criteria": "cpe:2.3:a:eclipse:pde:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81620F59-7825-4EAC-AF33-103FD0F203F9",
"versionEndExcluding": "3.13.2400"
}
],
"operator": "OR"
}
]
}
]