CVE-2018-1000644: XEE
First published: Mon Aug 20 2018(Updated: )
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse RDF4j | <2.4.0 | |
| Eclipse RDF4j | =2.4.0 | |
| Eclipse RDF4j | =2.4.0-m1 | |
| Eclipse RDF4j | =2.4.0-m2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/softwarecombine
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/eclipse
- canonical/eclipse rdf4j
- version/eclipse rdf4j/2.4.0
- version/eclipse rdf4j/2.4.0-m1
- version/eclipse rdf4j/2.4.0-m2