CVE-2023-4218
low-risk
Published 2023-11-09
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.0/10
Medium
LOCAL
/ LOW complexity
Affected Products (3)
Eclipse Ide
Org.Eclipse.Core.Runtime
Pde
Affected Vendors
References (22)
Issue Tracking
https://github.com/eclipse-emf/org.eclipse.emf/issues/10
Issue Tracking
https://github.com/eclipse-emf/org.eclipse.emf/issues/10
and 2 more references
26
/ 100
low-risk
Severity
17/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
9/34 · Low