CVE-2018-1000546

Published June 26th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).

triplea-game/triplea

TripleA is a turn based strategy game and board game engine, similar to Axis & Allies or Risk.

GitHub

1.53K