CVE-2018-1000652

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.

References

Affected packages

Git / github.com/jabref/jabref

Affected ranges

Type

GIT

Repo

https://github.com/jabref/jabref

Events

Introduced

Last affected

389555e4a095257d1c21719bfb261b7cf2622fef

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.1"
        }
    ]
}

Affected versions

v3.*

v3.0

v3.1

v3.2

v3.3

v3.4

v3.5

v4.*

v4.0

v4.0-beta

v4.0-beta2

v4.0-beta3

v4.1

v4.2

v4.3

v4.3.1

v_2.*

v_2.10

v_2.10b2

v_2.10b3

v_2.11b

v_2.11b2

v_2.11b3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000652.json"