CVE-2023-4218 (Medium) detected in org.eclipse.core.runtime-3.26.100.jar - autoclosed #3687
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
untriaged
Require the attention of the repository maintainers and may need to be prioritized
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
|
ℹ️ This issue was automatically closed by Mend because it is a duplicate of an existing issue: #3688 |
1 similar comment
|
ℹ️ This issue was automatically closed by Mend because it is a duplicate of an existing issue: #3688 |
github-actions
bot
added
the
untriaged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-4218 - Medium Severity Vulnerability
Core Runtime
Library home page: https://projects.eclipse.org/projects/eclipse.platform
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.26.100/83c77ee0cfc948ea33f5054dda3f5c39250a7ed5/org.eclipse.core.runtime-3.26.100.jar
Dependency Hierarchy:
Found in HEAD commit: ea2f9b21a90bec2678ad31c113c847872c955ea8
Found in base branch: main
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
Publish Date: 2023-11-09
URL: CVE-2023-4218
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.The text was updated successfully, but these errors were encountered: