CVE-2018-1000834

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000834

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000834.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000834

Published

2018-12-20T15:29:01.547Z

Modified

2026-03-14T09:26:10.271489Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

References

Affected packages

Git / github.com/runelite/runelite

Affected ranges

Type

GIT

Repo

https://github.com/runelite/runelite

Events

Introduced

Last affected

494057adf6116bf2a9658818caa2140f27041348

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.23"
        }
    ]
}

Affected versions

runelite-parent-1.*

runelite-parent-1.0

runelite-parent-1.1.0

runelite-parent-1.1.1

runelite-parent-1.1.10

runelite-parent-1.1.11

runelite-parent-1.1.12

runelite-parent-1.1.13

runelite-parent-1.1.14

runelite-parent-1.1.15

runelite-parent-1.1.16

runelite-parent-1.1.17

runelite-parent-1.1.18

runelite-parent-1.1.19

runelite-parent-1.1.2

runelite-parent-1.1.21

runelite-parent-1.1.22

runelite-parent-1.1.23

runelite-parent-1.1.24

runelite-parent-1.1.25

runelite-parent-1.1.26

runelite-parent-1.1.27

runelite-parent-1.1.28

runelite-parent-1.1.29

runelite-parent-1.1.3

runelite-parent-1.1.30

runelite-parent-1.1.31

runelite-parent-1.1.32

runelite-parent-1.1.33

runelite-parent-1.1.4

runelite-parent-1.1.5

runelite-parent-1.1.6

runelite-parent-1.1.7

runelite-parent-1.1.8

runelite-parent-1.1.9

runelite-parent-1.2.0

runelite-parent-1.2.1

runelite-parent-1.2.10

runelite-parent-1.2.11

runelite-parent-1.2.12

runelite-parent-1.2.13

runelite-parent-1.2.14

runelite-parent-1.2.15

runelite-parent-1.2.16

runelite-parent-1.2.17

runelite-parent-1.2.18

runelite-parent-1.2.19

runelite-parent-1.2.2

runelite-parent-1.2.3

runelite-parent-1.2.4

runelite-parent-1.2.5

runelite-parent-1.2.6

runelite-parent-1.2.7

runelite-parent-1.2.8

runelite-parent-1.2.9

runelite-parent-1.3.0

runelite-parent-1.3.1

runelite-parent-1.3.2

runelite-parent-1.3.3

runelite-parent-1.3.4

runelite-parent-1.3.5

runelite-parent-1.3.6

runelite-parent-1.3.7

runelite-parent-1.3.8

runelite-parent-1.3.9

runelite-parent-1.4.0

runelite-parent-1.4.1

runelite-parent-1.4.10

runelite-parent-1.4.11

runelite-parent-1.4.12

runelite-parent-1.4.13

runelite-parent-1.4.14

runelite-parent-1.4.15

runelite-parent-1.4.16

runelite-parent-1.4.17

runelite-parent-1.4.18

runelite-parent-1.4.19

runelite-parent-1.4.2

runelite-parent-1.4.20

runelite-parent-1.4.21

runelite-parent-1.4.22

runelite-parent-1.4.23

runelite-parent-1.4.3

runelite-parent-1.4.4

runelite-parent-1.4.5

runelite-parent-1.4.6

runelite-parent-1.4.7

runelite-parent-1.4.8

runelite-parent-1.4.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000834.json"