FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.
{
"extracted_events": [
{
"introduced": "1.9.9-build246"
},
{
"last_affected": "1.9.9-build246"
},
{
"introduced": "6.5.9-build246"
},
{
"last_affected": "6.5.9-build246"
},
{
"introduced": "1.9.9-build247"
},
{
"last_affected": "1.9.9-build247"
},
{
"introduced": "2.0.7-build263"
},
{
"last_affected": "2.0.7-build263"
},
{
"introduced": "6.1.6-build166"
},
{
"last_affected": "6.1.6-build166"
},
{
"introduced": "6.1.6-build167"
},
{
"last_affected": "6.1.6-build167"
},
{
"introduced": "6.1.7-build168"
},
{
"last_affected": "6.1.7-build168"
},
{
"introduced": "6.1.8-build169"
},
{
"last_affected": "6.1.8-build169"
},
{
"introduced": "6.1.9-build172"
},
{
"last_affected": "6.1.9-build172"
},
{
"introduced": "6.2.0-build173"
},
{
"last_affected": "6.2.0-build173"
},
{
"introduced": "6.2.0-build174"
},
{
"last_affected": "6.2.0-build174"
},
{
"introduced": "6.2.1-build175"
},
{
"last_affected": "6.2.1-build175"
},
{
"introduced": "6.2.2-build176"
},
{
"last_affected": "6.2.2-build176"
},
{
"introduced": "6.2.3-build177"
},
{
"last_affected": "6.2.3-build177"
},
{
"introduced": "6.2.3-build178"
},
{
"last_affected": "6.2.3-build178"
},
{
"introduced": "6.2.4-build179"
},
{
"last_affected": "6.2.4-build179"
},
{
"introduced": "6.3.0-build180"
},
{
"last_affected": "6.3.0-build180"
},
{
"introduced": "6.3.0-build181"
},
{
"last_affected": "6.3.0-build181"
},
{
"introduced": "6.3.0-build182"
},
{
"last_affected": "6.3.0-build182"
},
{
"introduced": "6.3.0-build183"
},
{
"last_affected": "6.3.0-build183"
},
{
"introduced": "6.3.0-build184"
},
{
"last_affected": "6.3.0-build184"
},
{
"introduced": "6.3.0-build185"
},
{
"last_affected": "6.3.0-build185"
},
{
"introduced": "6.3.1-build186"
},
{
"last_affected": "6.3.1-build186"
},
{
"introduced": "6.3.2-build187"
},
{
"last_affected": "6.3.2-build187"
},
{
"introduced": "6.3.2-build188"
},
{
"last_affected": "6.3.2-build188"
},
{
"introduced": "6.3.3-build189"
},
{
"last_affected": "6.3.3-build189"
},
{
"introduced": "6.3.3-build190"
},
{
"last_affected": "6.3.3-build190"
},
{
"introduced": "6.3.3-build193"
},
{
"last_affected": "6.3.3-build193"
},
{
"introduced": "6.3.3-build255"
},
{
"last_affected": "6.3.3-build255"
},
{
"introduced": "6.3.4-build193"
},
{
"last_affected": "6.3.4-build193"
},
{
"introduced": "6.3.4-build194"
},
{
"last_affected": "6.3.4-build194"
},
{
"introduced": "6.3.5-build195"
},
{
"last_affected": "6.3.5-build195"
},
{
"introduced": "6.3.5-build197"
},
{
"last_affected": "6.3.5-build197"
},
{
"introduced": "6.3.5-build198"
},
{
"last_affected": "6.3.5-build198"
},
{
"introduced": "6.3.6-build201"
},
{
"last_affected": "6.3.6-build201"
},
{
"introduced": "6.3.6-build202"
},
{
"last_affected": "6.3.6-build202"
},
{
"introduced": "6.3.7-build203"
},
{
"last_affected": "6.3.7-build203"
},
{
"introduced": "6.3.7-build204"
},
{
"last_affected": "6.3.7-build204"
},
{
"introduced": "6.3.7-build205"
},
{
"last_affected": "6.3.7-build205"
},
{
"introduced": "6.3.7-build206"
},
{
"last_affected": "6.3.7-build206"
},
{
"introduced": "6.4.0-build207"
},
{
"last_affected": "6.4.0-build207"
},
{
"introduced": "6.4.0-build208"
},
{
"last_affected": "6.4.0-build208"
},
{
"introduced": "6.4.1-build209"
},
{
"last_affected": "6.4.1-build209"
},
{
"introduced": "6.4.1-build210"
},
{
"last_affected": "6.4.1-build210"
},
{
"introduced": "6.4.2-build212"
},
{
"last_affected": "6.4.2-build212"
},
{
"introduced": "6.4.3-build214"
},
{
"last_affected": "6.4.3-build214"
},
{
"introduced": "6.4.4-build215"
},
{
"last_affected": "6.4.4-build215"
},
{
"introduced": "6.4.5-build218"
},
{
"last_affected": "6.4.5-build218"
},
{
"introduced": "6.4.5-build219"
},
{
"last_affected": "6.4.5-build219"
},
{
"introduced": "6.4.5-build220"
},
{
"last_affected": "6.4.5-build220"
},
{
"introduced": "6.4.5-build221"
},
{
"last_affected": "6.4.5-build221"
},
{
"introduced": "6.4.5-build222"
},
{
"last_affected": "6.4.5-build222"
},
{
"introduced": "6.4.6-build223"
},
{
"last_affected": "6.4.6-build223"
},
{
"introduced": "6.4.6-build227"
},
{
"last_affected": "6.4.6-build227"
},
{
"introduced": "6.4.7-build228"
},
{
"last_affected": "6.4.7-build228"
},
{
"introduced": "6.4.7-build229"
},
{
"last_affected": "6.4.7-build229"
},
{
"introduced": "6.4.8-build230"
},
{
"last_affected": "6.4.8-build230"
},
{
"introduced": "6.4.8-build232"
},
{
"last_affected": "6.4.8-build232"
},
{
"introduced": "6.4.8-build233"
},
{
"last_affected": "6.4.8-build233"
},
{
"introduced": "6.4.8-build234"
},
{
"last_affected": "6.4.8-build234"
},
{
"introduced": "6.4.9-build235"
},
{
"last_affected": "6.4.9-build235"
},
{
"introduced": "6.5.0-build236"
},
{
"last_affected": "6.5.0-build236"
},
{
"introduced": "6.5.1-build238"
},
{
"last_affected": "6.5.1-build238"
},
{
"introduced": "6.5.2-build239"
},
{
"last_affected": "6.5.2-build239"
},
{
"introduced": "6.5.3-build240"
},
{
"last_affected": "6.5.3-build240"
},
{
"introduced": "6.5.4-build241"
},
{
"last_affected": "6.5.4-build241"
},
{
"introduced": "6.5.5-build242"
},
{
"last_affected": "6.5.5-build242"
},
{
"introduced": "6.5.5-build243"
},
{
"last_affected": "6.5.5-build243"
},
{
"introduced": "6.5.8-build244"
},
{
"last_affected": "6.5.8-build244"
},
{
"introduced": "6.5.8-build245"
},
{
"last_affected": "6.5.8-build245"
},
{
"introduced": "6.6.0-build248"
},
{
"last_affected": "6.6.0-build248"
},
{
"introduced": "6.6.1-build249"
},
{
"last_affected": "6.6.1-build249"
},
{
"introduced": "6.6.2-build250"
},
{
"last_affected": "6.6.2-build250"
},
{
"introduced": "6.6.2-build251"
},
{
"last_affected": "6.6.2-build251"
},
{
"introduced": "6.6.3-build252"
},
{
"last_affected": "6.6.3-build252"
},
{
"introduced": "6.6.3-build253"
},
{
"last_affected": "6.6.3-build253"
},
{
"introduced": "6.6.4-build256"
},
{
"last_affected": "6.6.4-build256"
},
{
"introduced": "6.6.5-build257"
},
{
"last_affected": "6.6.5-build257"
},
{
"introduced": "6.6.6-build258"
},
{
"last_affected": "6.6.6-build258"
},
{
"introduced": "6.6.7-build529"
},
{
"last_affected": "6.6.7-build529"
},
{
"introduced": "6.6.8-build260"
},
{
"last_affected": "6.6.8-build260"
},
{
"introduced": "6.7.0-build261"
},
{
"last_affected": "6.7.0-build261"
},
{
"introduced": "6.7.0-build262"
},
{
"last_affected": "6.7.0-build262"
},
{
"introduced": "6.7.0-build264"
},
{
"last_affected": "6.7.0-build264"
},
{
"introduced": "6.7.0-build265hotfix"
},
{
"last_affected": "6.7.0-build265hotfix"
},
{
"introduced": "6.7.1-build266"
},
{
"last_affected": "6.7.1-build266"
},
{
"introduced": "6.7.1-build267"
},
{
"last_affected": "6.7.1-build267"
},
{
"introduced": "6.7.1-build268"
},
{
"last_affected": "6.7.1-build268"
},
{
"introduced": "6.7.2-build269"
},
{
"last_affected": "6.7.2-build269"
},
{
"introduced": "6.7.2-build270"
},
{
"last_affected": "6.7.2-build270"
},
{
"introduced": "6.7.3-build271"
},
{
"last_affected": "6.7.3-build271"
},
{
"introduced": "6.7.4-build272"
},
{
"last_affected": "6.7.4-build272"
}
],
"cpe": [
"cpe:2.3:a:frostwire:frostwire:1.9.9:build246:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.9:build246:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:1.9.9:build247:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:2.0.7:build263:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.1.6:build166:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.1.6:build167:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.1.7:build168:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.1.8:build169:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.1.9:build172:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.2.0:build173:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.2.0:build174:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.2.1:build175:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.2.2:build176:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.2.3:build177:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.2.3:build178:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.2.4:build179:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.0:build180:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.0:build181:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.0:build182:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.0:build183:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.0:build184:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.0:build185:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.1:build186:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.2:build187:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.2:build188:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.3:build189:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.3:build190:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.3:build193:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.3:build255:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.4:build193:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.4:build194:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.5:build195:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.5:build197:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.5:build198:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.6:build201:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.6:build202:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.7:build203:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.7:build204:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.7:build205:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.3.7:build206:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.0:build207:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.0:build208:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.1:build209:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.1:build210:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.2:build212:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.3:build214:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.4:build215:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.5:build218:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.5:build219:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.5:build220:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.5:build221:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.5:build222:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.6:build223:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.6:build227:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.7:build228:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.7:build229:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.8:build230:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.8:build232:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.8:build233:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.8:build234:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.4.9:build235:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.0:build236:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.1:build238:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.2:build239:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.3:build240:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.4:build241:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.5:build242:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.5:build243:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.8:build244:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.5.8:build245:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.0:build248:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.1:build249:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.2:build250:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.2:build251:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.3:build252:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.3:build253:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.4:build256:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.5:build257:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.6:build258:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.7:build529:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.6.8:build260:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.0:build261:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.0:build262:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.0:build264:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.0:build265hotfix:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.1:build266:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.1:build267:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.1:build268:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.2:build269:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.2:build270:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.3:build271:*:*:*:desktop:*:*",
"cpe:2.3:a:frostwire:frostwire:6.7.4:build272:*:*:*:desktop:*:*"
],
"source": "CPE_STRING"
}