XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.
References
Configurations
History
21 Nov 2024, 04:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/angelozerr/lsp4xml/ - Product | |
References | () https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others - Release Notes, Third Party Advisory | |
References | () https://github.com/angelozerr/lsp4xml/pull/566 - Patch, Third Party Advisory | |
References | () https://github.com/redhat-developer/vscode-xml/ - Patch, Third Party Advisory | |
References | () https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml - Third Party Advisory | |
References | () https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/ - Exploit, Third Party Advisory |
Information
Published : 2019-10-23 22:15
Updated : 2024-11-21 04:32
NVD link : CVE-2019-18213
Mitre link : CVE-2019-18213
CVE.ORG link : CVE-2019-18213
JSON object : View
Products Affected
xml_language_server_project
- xml_server_project
eclipse
- wild_web_developer
theia_xml_extension_project
- theia_xml_extension
CWE
CWE-611
Improper Restriction of XML External Entity Reference