CVE-2019-17637

Summary

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Web Tools Platform1.0 to 3.18affected

Weaknesses

  • CWE-611: CWE-611: Improper Restriction of XML External Entity Reference (XXE)

ADP Enrichment

CVE Program Container

Additional References

References