[eclipse-sig] [Bug 1857369] New: CVE-2019-17637 eclipse-webtools: XML external entity vulnerability in DTD Parser/Validator

Wednesday, 15 July 2020

https://bugzilla.redhat.com/show_bug.cgi?id=1857369

            Bug ID: 1857369
           Summary: CVE-2019-17637 eclipse-webtools: XML external entity
                    vulnerability in DTD Parser/Validator
           Product: Security Response
          Hardware: All
                OS: Linux
            Status: NEW
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team(a)redhat.com
          Reporter: psampaio(a)redhat.com
                CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
                    mat.booth(a)redhat.com
  Target Milestone: ---
    Classification: Other

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06),
XML and DTD files referring to external entities could be exploited to send the
contents of local files to a remote server when edited or validated, even when
external entity resolution is disabled in the user preferences.

Upstream bug:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

[eclipse-sig] [Bug 1857369] New: CVE-2019-17637 eclipse-webtools: XML external entity vulnerability in DTD Parser/Validator