[MAVEN:GHSA-6XQ8-PVG4-3MF3] Eclipse RDF4j vulnerable to XML External Entity

Severity Critical
Affected Packages 1
Fixed Packages 1
CVEs 1

Eclipse RDF4j version < 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files. It can result in the disclosure of confidential data, denial of service, server-side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted RDF file.

Package Affected Version
pkg:maven/org.eclipse.rdf4j/rdf4j-runtime < 2.4.0
Package Fixed Version
pkg:maven/org.eclipse.rdf4j/rdf4j-runtime = 2.4.0
ID
MAVEN:GHSA-6XQ8-PVG4-3MF3
Severity
critical
URL
https://github.com/advisories/GHSA-6xq8-pvg4-3mf3
Published
2018-10-19T16:54:11
(6 years ago)
Modified
2023-01-09T05:03:57
(20 months ago)
Rights
Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.eclipse.rdf4j/rdf4j-runtime org.eclipse.rdf4j rdf4j-runtime < 2.4.0
Fixed pkg:maven/org.eclipse.rdf4j/rdf4j-runtime org.eclipse.rdf4j rdf4j-runtime = 2.4.0