Maven package
org.eclipse.lemminx/lemminx-parent
pkg:maven/org.eclipse.lemminx/lemminx-parent
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0673 | — | < 0.19.0 | 0.19.0 | Feb 18, 2022 | A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal. | ||
| CVE-2022-0672 | — | < 0.19.0 | 0.19.0 | Feb 18, 2022 | A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user. | ||
| CVE-2022-0671 | — | < 0.19.0 | 0.19.0 | Feb 18, 2022 | A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. |
- CVE-2022-0673Feb 18, 2022affected < 0.19.0fixed 0.19.0
A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.
- CVE-2022-0672Feb 18, 2022affected < 0.19.0fixed 0.19.0
A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.
- CVE-2022-0671Feb 18, 2022affected < 0.19.0fixed 0.19.0
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.