You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 5, 2024. It is now read-only.
Path to dependency file: /dsl/gen/meta/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
CVE-2023-4218 - Medium Severity Vulnerability
Core Runtime
Library home page: http://www.eclipse.org/platform
Path to dependency file: /dsl/gen/meta/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.19.0/87baae14592eeed8fd055f3faed99b0bab5cae64/org.eclipse.core.runtime-3.19.0.jar
Dependency Hierarchy:
Found in HEAD commit: 8d1e24260d1985acc52e5d1710bcc43fcf3848ca
Found in base branch: master
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
Publish Date: 2023-11-09
URL: CVE-2023-4218
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-4218
Release Date: 2023-11-09
Fix Resolution: org.eclipse.core.runtime:3.29.0