CVE-2018-1000844

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000844

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000844.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000844

Aliases

GHSA-j379-9jr9-w5cq

Published

2018-12-20T15:29:02Z

Modified

2024-06-06T12:05:42.899417Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have been fixed in After commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437.

References

https://github.com/square/retrofit/pull/2735

Affected packages

Git / github.com/square/retrofit

Affected ranges

Type: GIT
Repo: https://github.com/square/retrofit
Events: Introduced

7158698314daa138e993fac6a590ed19d78a8599

Fixed

40621bf538f6d48af182350adc880406c53dc67c

Affected versions

parent-2.*

parent-2.4.0