Critical severityNVD Advisory· Published Dec 20, 2018· Updated Sep 16, 2024
CVE-2018-1000823
CVE-2018-1000823
Description
exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.exist-db:exist-coreMaven | < 5.1.0 | 5.1.0 |
Affected products
1Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-jxm5-5xcw-h57qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1000823ghsaADVISORY
- 0dd.zone/2018/10/27/exist-XXEghsaWEB
- 0dd.zone/2018/10/27/exist-XXE/mitrex_refsource_MISC
- github.com/eXist-db/exist/commit/1c3f0aec14d00bdbca175713af70cb7c7b868e9fghsaWEB
- github.com/eXist-db/exist/commit/b210f9fbf379b68842f2b055dda80d7e7479e96fghsaWEB
- github.com/eXist-db/exist/issues/2180ghsax_refsource_MISCWEB
- github.com/eXist-db/exist/pull/2243ghsaWEB
- github.com/eXist-db/exist/pull/2247ghsaWEB
News mentions
0No linked articles in our index yet.