CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-1000652

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile34.95th
Published2018年8月20日
Last Modified2024年11月21日

Vulnerability Description

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.

Affected Platforms (CPE)

📦
Jabref

Jabref

<= 4.3.1

References & Advisories

🔗 https://0dd.zone/2018/08/08/JabRef-XXE/
🔗 https://github.com/JabRef/jabref/issues/4229
🔗 https://0dd.zone/2018/08/08/JabRef-XXE/
🔗 https://github.com/JabRef/jabref/issues/4229

関連する脆弱性情報

CVE-2018-1646210.0

A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command ...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-291310.0

Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Supported versions that ...

CVE-2018-010110.0

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could ...