Critical severityNVD Advisory· Published Dec 20, 2018· Updated Sep 17, 2024
CVE-2018-1000844
CVE-2018-1000844
Description
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have been fixed in After commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.squareup.retrofit2:retrofitMaven | >= 2.0.0, < 2.5.0 | 2.5.0 |
Affected products
1Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-j379-9jr9-w5cqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1000844ghsaADVISORY
- github.com/square/retrofit/pull/2735ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.