In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2022-08-16T10:10:08

Updated: 2024-08-03T00:52:59.807Z

Reserved: 2022-08-16T00:00:00

Link: CVE-2022-2838

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-16T10:15:08.360

Modified: 2024-11-21T07:01:46.940

Link: CVE-2022-2838

cve-icon Redhat

No data.