CVE-2018-1000828
Published
CVSS v3
9
CRITICAL
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT
Description
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.
An easy to use Cloud Downloader, BitTorrent Client. Search, Download, Share
GitHub