Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Theia Xml Extension Project Subscribe
Filtered by product Theia Xml Extension
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18213 3 Eclipse, Theia Xml Extension Project, Xml Language Server Project 3 Wild Web Developer, Theia Xml Extension, Xml Server Project 2021-07-21 6.5 MEDIUM 8.8 HIGH
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.
CVE-2019-18212 3 Eclipse, Theia Xml Extension Project, Xml Language Server Project 3 Wild Web Developer, Theia Xml Extension, Xml Server Project 2019-10-30 4.0 MEDIUM 6.5 MEDIUM
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.