Vulnerability — CVE-2023-6194

CVE-2023-6194

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-6194
Description:: In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
Last updated date:: 12/13/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/13/2023
Reference url to background: https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/13/2023
Reference url to background: https://gitlab.eclipse.org/security/cve-assignement/-/issues/15

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/13/2023
Reference url to background: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169