CVE-2023-4218

Published
View on NVD ↗
CVSS v3
5
MEDIUM
CVSS v2
N/A
Affected
9
PROJECTS

Description

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).

eclipse-emf/org.eclipse.emf
eclipse-emf/org.eclipse.emf
GitHubGitHub
31
eclipse-pde/eclipse.pde
eclipse-pde/eclipse.pde
GitHubGitHub
40
eclipse-platform/eclipse.platform
eclipse-platform/eclipse.platform
Eclipse Platform - a comprehensive set of frameworks and common services that collectively provide a powerful software development infrastructure.
GitHubGitHub
154
eclipse-platform/eclipse.platform.releng.buildtools
eclipse-platform/eclipse.platform.releng.buildtools
GitHubGitHub
1
eclipse-platform/eclipse.platform.ui
eclipse-platform/eclipse.platform.ui
Eclipse Platform UI - a comprehensive set of frameworks and common services that collectively provide a powerful software development infrastructure.
GitHubGitHub
119
eclipse-jdt/eclipse.jdt.ui
eclipse-jdt/eclipse.jdt.ui
GitHubGitHub
58
eclipse-jdt/eclipse.jdt.core
eclipse-jdt/eclipse.jdt.core
GitHubGitHub
233
eclipse-platform/eclipse.platform.swt
eclipse-platform/eclipse.platform.swt
Eclipse SWT - The Standard Widget Toolkit
GitHubGitHub
195
eclipse-cdt/cdt
eclipse-cdt/cdt
Eclipse CDT™ C/C++ Development Tools
GitHubGitHub
370