CVE-2018-1000644

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000644

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000644.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000644

Aliases

GHSA-6xq8-pvg4-3mf3

Published

2018-08-20T19:31:39Z

Modified

2024-05-13T23:09:16Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

References

Affected packages

Git / github.com/eclipse/rdf4j

Affected ranges

Type: GIT
Repo: https://github.com/eclipse/rdf4j
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ac4e1467d0cdb2c4069a6f86a8d180cec5f9f2d4