https://bugzilla.redhat.com/show_bug.cgi?id=1857369
Bug ID: 1857369
Summary: CVE-2019-17637 eclipse-webtools: XML external entity vulnerability in DTD Parser/Validator
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt, mat.booth(a)redhat.com
Target Milestone: ---
Classification: Other
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06),
XML and DTD files referring to external entities could be exploited to send the
contents of local files to a remote server when edited or validated, even when
external entity resolution is disabled in the user preferences.
Upstream bug:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
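
A pre-open triage check for the file types the report names, added here as an example (not code from Eclipse WTP or from this bug report): it lists every external DTD subset and external entity that an XML or DTD file declares, so untrusted files can be reviewed before they are edited or validated in an affected release. The function names, the sample document and its hosts and paths are constructed for illustration.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlsplit

# ExternalID from the XML 1.0 grammar: SYSTEM "uri" | PUBLIC "pubid" "uri"
EXT_ID = r'(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|\'[^\']*\'))\s+(?:"([^"]*)"|\'([^\']*)\')'
DECL_RE = re.compile(r'<!(DOCTYPE|ENTITY)\s+(%\s+)?([^\s>\[]+)\s+' + EXT_ID)
COMMENT_RE = re.compile(r'<!--.*?-->', re.S)

def is_remote(uri):
    """True when resolving the URI would contact another host."""
    scheme = urlsplit(uri).scheme.lower()
    return len(scheme) > 1 and scheme != "file"  # length 1 is a Windows drive letter

def find_external_refs(text):
    """Return (kind, name, uri, remote) for each external DTD or entity declared."""
    findings = []
    # Declarations inside comments are never processed, so drop comments first.
    for m in DECL_RE.finditer(COMMENT_RE.sub("", text)):
        decl, percent, name = m.group(1), m.group(2), m.group(3)
        uri = m.group(4) if m.group(4) is not None else m.group(5)
        if decl == "DOCTYPE":
            kind = "external-dtd"
        else:
            kind = "parameter-entity" if percent else "general-entity"
        findings.append((kind, name, uri, is_remote(uri)))
    return findings

# Constructed sample input (hosts and paths are placeholders).
SAMPLE = """<?xml version="1.0"?>
<!-- <!ENTITY old SYSTEM "http://ignored.example/old.dtd"> -->
<!DOCTYPE note PUBLIC "-//EXAMPLE//DTD Note//EN" "note.dtd" [
  <!ENTITY author "internal value, not a finding">
  <!ENTITY % extra SYSTEM 'http://dtd.example/extra.dtd'>
  <!ENTITY logo SYSTEM "file:///srv/site/logo.txt">
]>
<note>&author;</note>
"""

if __name__ == "__main__":
    # Scan files named on the command line, or the sample when none are given.
    sources = [(p, Path(p).read_text(encoding="utf-8", errors="replace"))
               for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    for label, text in sources:
        for kind, name, uri, remote in find_external_refs(text):
            print(f"{label}: {kind} {name!r} -> {uri} ({'remote' if remote else 'local'})")
```

This is a regex triage aid, not an XML parser: it does not decode UTF-16 input or follow declarations that only appear after parameter-entity expansion.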