CVE-2023-6194

CVSS V2 None CVSS V3 None

Description

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

Overview

CVE ID
CVE-2023-6194

Assigner
eclipse

Vulnerability Status
PUBLISHED

Published Version
2023-12-11T14:04:51.680Z

Last Modified Date
2023-12-11T14:04:51.680Z

Weakness Enumerations

CWE	URL
CWE-611	http://cwe.mitre.org/data/definitions/611.html

References

Reference URL	Reference Tags
https://gitlab.eclipse.org/security/cve-assignement/-/issues/15
https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6194
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6194

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 05:59:04				Added to TrackCVE