https://bugzilla.redhat.com/show_bug.cgi?id=1857369 Bug ID: 1857369 Summary: CVE-2019-17637 eclipse-webtools: XML external entity vulnerability in DTD Parser/Validator Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt, mat.booth(a)redhat.com Target Milestone: --- Classification: Other In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. Upstream bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571 -- You are receiving this mail because: You are on the CC list for the bug.