Back to search
CVE-2019-17637
Published: Jul 15, 2020
Modified: Aug 5, 2024
PUBLISHED
Description
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
| Vendor | Product | Versions |
|---|---|---|
The Eclipse Foundation | Eclipse Web Tools Platform | affected 1.0 to 3.18 |
Weaknesses (CWE)
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
x_refsource_CONFIRM
[debian-lts-announce] 20201009 [SECURITY] [DLA 2404-1] eclipse-wtp security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now