GHSA-6xq8-pvg4-3mf3

Source

https://github.com/advisories/GHSA-6xq8-pvg4-3mf3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-6xq8-pvg4-3mf3/GHSA-6xq8-pvg4-3mf3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6xq8-pvg4-3mf3

Aliases

CVE-2018-1000644

Published

2018-10-19T16:54:11Z

Modified

2024-02-16T08:23:41.029249Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Eclipse RDF4j vulnerable to XML External Entitiy

Details

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:20:48Z"
}

References

Affected packages

Maven / org.eclipse.rdf4j:rdf4j-runtime

Package

Name: org.eclipse.rdf4j:rdf4j-runtime; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.rdf4j/rdf4j-runtime

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0

Affected versions

1.*

1.0M1

1.0M2

1.0M3

1.0

1.0.1

1.0.2

1.0.3

2.*

2.0M1

2.0M2

2.0M3

2.0M4

2.0

2.0.1

2.0.2

2.0.3

2.1

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2

2.2.1

2.2.2

2.2.3

2.2.4

2.3-M1

2.3.0-M2

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0-M1

2.4.0-M2

2.4.0-M3