CVE-2018-1000837

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1000837
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000837.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000837
Published
2018-12-20T15:29:01.703Z
Modified
2026-04-10T04:04:15.912262Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.

References

Affected packages

Git / github.com/obeonetwork/uml-designer

Affected ranges

Type
GIT
Repo
https://github.com/obeonetwork/uml-designer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6a79185701a87eea088bcac024f71a8731ddf302
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.0"
        }
    ]
}

Affected versions

0.*
0.9
1.*
1.0
1.4.0
1.5.0
1.5.1
1.5.2
2.*
2.0.0
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.3.1
2.4.0
2.4.1
3.*
3.0.0
4.*
4.0.0
4.0.1
5.*
5.0.0
6.*
6.0.0
7.*
7.0.0
7.1.0
8.*
8.0.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000837.json"