1. Home
  2. Vulnerabilities
  3. CVE-2023-4218

CVE-2023-4218

CVSS v3.1 5 (Medium)
50% Progress
EPSS 0.05 % (17th)
0.05% Progress
Affected Products 3
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).

Weaknesses
CWE-611
Improper Restriction of XML External Entity Reference
CVE Status
PUBLISHED
CNA
Eclipse Foundation
Published Date
2023-11-09 09:15:08
(10 months ago)
Updated Date
2023-11-24 18:25:48
(9 months ago)

Affected Products

Eclipse

Configuration #1

    CPE23 From Up To
  Eclipse Ide prior 4.29 version cpe:2.3:a:eclipse:eclipse_ide < 4.29
  Org.eclipse.core.runtime prior 3.29.0 version cpe:2.3:a:eclipse:org.eclipse.core.runtime < 3.29.0
  Eclipse Pde prior 3.13.2400 version cpe:2.3:a:eclipse:pde < 3.13.2400