CRITICAL🇵🇱 Wersja polska

CVE-2018-1000644

CVSS 10.0v3.0pub. 2018-08-20upd. 2024-11-21

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Eclipse Rdf4j

    APP
    Eclipse
    2.4.0< 2.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSXXE
CWE
References

Related vulnerabilities

CVE-2018-20227HIGH7.5ten sam produkt

RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.

CVE-2026-2587CRITICAL9.6ten sam vendor

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...

CVE-2026-2586CRITICAL9.1ten sam vendor

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...

CVE-2026-24457CRITICAL9.1PL ✓ten sam vendor

Path Traversal w Eclipse OpenMQ umożliwia odczyt plików i potencjalny RCE

CVE-2026-22886CRITICAL9.8PL ✓ten sam vendor

Eclipse OpenMQ — domyślne dane logowania umożliwiają przejęcie kontroli