CVE-2018-1000644 – org.eclipse.rdf4j:rdf4j-runtime

Package

Manager: maven
Name: org.eclipse.rdf4j:rdf4j-runtime
Vulnerable Version: >=0 <2.4.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.00378 pctl0.58545

Details

Eclipse RDF4j vulnerable to XML External Entitiy Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

Metadata

Created: 2018-10-19T16:54:11Z
Modified: 2022-09-14T19:17:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-6xq8-pvg4-3mf3/GHSA-6xq8-pvg4-3mf3.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-6xq8-pvg4-3mf3
Finding: F083
Auto approve: 1