CVE-2023-6194
11.12.2023, 14:15
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report, then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

Vendor | Product | Version |
---|---|---|
eclipse | memory_analyzer | 0.7 ≤ 𝑥 ≤ 1.14.0 |

𝑥 = Vulnerable software versions
