In Eclipse Sphinx™ before version 0.13.1, the Apache Xerces XML parser was used without disabling the processing of referenced external entities, allowing the injection of arbitrary definitions that can access local files and expose their contents via HTTP requests.
References
Link | Providers |
---|---|
https://bugs.eclipse.org/580542 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: eclipse
Published: 2022-08-16T10:10:08
Updated: 2024-08-03T00:52:59.807Z
Reserved: 2022-08-16T00:00:00
Link: CVE-2022-2838
Vulnrichment
No data.
NVD
Status: Modified
Published: 2022-08-16T10:15:08.360
Modified: 2024-11-21T07:01:46.940
Link: CVE-2022-2838
Redhat
No data.