redhat-developer/vscode-xml

redhat-developer/vscode-xml

Releases45

Frequency2 months 3 days

Last Release 8 days ago

Stars319

Editing XML in Visual Studio Code made easy

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-0671 ↗	Feb 18, 2022Friday, 18 February 2022, 18:15	9.1 CRITICAL	6.4 MEDIUM
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.
CVE-2019-18212 ↗	Oct 23, 2019Wednesday, 23 October 2019, 22:15	6.5 MEDIUM	4 MEDIUM
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.
CVE-2019-18213 ↗	Oct 23, 2019Wednesday, 23 October 2019, 22:15	8.8 HIGH	6.5 MEDIUM
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.