CVE-2023-4218 (Medium) detected in org.eclipse.core.runtime-3.26.100.jar - autoclosed #3687
CVE-2023-4218 - Medium Severity Vulnerability
Vulnerable Library - org.eclipse.core.runtime-3.26.100.jar
Core Runtime
Library home page: https://projects.eclipse.org/projects/eclipse.platform
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.26.100/83c77ee0cfc948ea33f5054dda3f5c39250a7ed5/org.eclipse.core.runtime-3.26.100.jar
Dependency Hierarchy:
Found in HEAD commit: ea2f9b21a90bec2678ad31c113c847872c955ea8
Found in base branch: main
Vulnerability Details
In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
Publish Date: 2023-11-09
URL: CVE-2023-4218
CVSS 3 Score Details (5.0)
Base Score Metrics: