CVE-2018-1000651

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000651

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000651.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000651

Published

2018-08-20T19:31:43.870Z

Modified

2026-04-10T04:03:35.548069Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

References

Affected packages

Git / github.com/gchq/stroom

Affected ranges

Type

GIT

Repo

https://github.com/gchq/stroom

Events

Introduced

Fixed

d1770b79eb87579e2264474d9da3fd17eb127931

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.4.5"
        }
    ]
}

Affected versions

v5.*

v5.0-beta.10

v5.0-beta.11

v5.0-beta.12

v5.0-beta.13

v5.0-beta.14

v5.0-beta.17

v5.0-beta.18

v5.0-beta.19

v5.0-beta.20

v5.0-beta.21

v5.0-beta.22

v5.0-beta.23

v5.0-beta.24

v5.0-beta.4

v5.0-beta.7

v5.0-beta.8

v5.0-beta.9

v5.1-alpha.1

v5.1-beta.1

v5.1-beta.10

v5.1-beta.11

v5.1-beta.12

v5.1-beta.13

v5.1-beta.14

v5.1-beta.15

v5.1-beta.16

v5.1-beta.2

v5.1-beta.3

v5.1-beta.4

v5.1-beta.5

v5.1-beta.6

v5.1-beta.7

v5.1-beta.8

v5.1-beta.9

v5.1.0

v5.2.1

v5.2.2

v5.2.3

v5.2.4

v5.3.0

v5.3.0-beta.1

v5.3.0-beta.2

v5.3.0-beta.3

v5.3.0-beta.4

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000651.json"