Unrated severity · NVD Advisory · Published Aug 16, 2022 · Updated Aug 3, 2024
CVE-2022-2838
Description
In Eclipse Sphinx™ before version 0.13.1, the Apache Xerces XML parser was used without disabling the processing of referenced external entities. This allows the injection of arbitrary definitions that can access local files and expose their contents via HTTP requests.
Affected products (3)
- Range: <0.13.1
- Range: 0.7.0
References (1)
- bugs.eclipse.org/580542 (mitre, x_refsource_CONFIRM)