CVE-2023-4218 (Medium) detected in org.eclipse.core.runtime-3.26.100.jar - autoclosed #559
Labels
Comments
mend-for-github.aaakk.us.kg
bot
added
the
Mend: dependency security vulnerability
|
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory. |
mend-for-github.aaakk.us.kg
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-4218 - Medium Severity Vulnerability
Core Runtime
Library home page: https://projects.eclipse.org/projects/eclipse.platform
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.26.100/83c77ee0cfc948ea33f5054dda3f5c39250a7ed5/org.eclipse.core.runtime-3.26.100.jar
Dependency Hierarchy:
Found in HEAD commit: b321e4a4bd180d97e85dfbb5c6ebc6c17d750a53
Found in base branch: main
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).
Publish Date: 2023-11-09
URL: CVE-2023-4218
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-4218
Release Date: 2023-11-09
Fix Resolution: 3.29.0
⛑️ Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: