Unrated severityOSV Advisory· Published Dec 20, 2018· Updated Sep 17, 2024
CVE-2018-1000828
CVE-2018-1000828
Description
FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in the middle the call to update the software.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- 0dd.zone/2018/10/28/frostwire-XXE-MitM/mitrex_refsource_MISC
- github.com/frostwire/frostwire/issues/829mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.