VYPR
Moderate severityNVD Advisory· Published Nov 9, 2023· Updated Sep 3, 2024

XXE in eclipse.platform / Eclipse IDE

CVE-2023-4218

Description

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.eclipse.platform:org.eclipse.core.runtimeMaven
< 3.29.03.29.0
org.eclipse.platform:org.eclipse.platformMaven
< 4.29.04.29.0
org.eclipse.platform:org.eclipse.jfaceMaven
< 3.31.03.31.0
org.eclipse.platform:org.eclipse.ui.formsMaven
< 3.13.03.13.0
org.eclipse.platform:org.eclipse.ui.ideMaven
< 3.21.1003.21.100
org.eclipse.platform:org.eclipse.ui.workbenchMaven
< 3.130.03.130.0
org.eclipse.platform:org.eclipse.urischemeMaven
< 1.3.1001.3.100
org.eclipse.jdt:org.eclipse.jdt.uiMaven
< 3.30.03.30.0

Affected products

48

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.