CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000652

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile34.95th
PublishedAug 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.

Affected Platforms (CPE)

πŸ“¦
Jabref

Jabref

<= 4.3.1

References & Advisories

πŸ”— https://0dd.zone/2018/08/08/JabRef-XXE/
πŸ”— https://github.com/JabRef/jabref/issues/4229
πŸ”— https://0dd.zone/2018/08/08/JabRef-XXE/
πŸ”— https://github.com/JabRef/jabref/issues/4229

Related Vulnerabilities

CVE-2018-022210.0

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an...

CVE-2018-026810.0

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenti...

CVE-2018-1071810.0

Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to...

CVE-2018-666710.0

Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remo...