CVE-2022-2838
N/A
N/A
Summary
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Sphinx | 0.7.0 < unspecified | affected |
| The Eclipse Foundation | Eclipse Sphinx | unspecified < 0.13.1 | affected |
Weaknesses
- CWE-611: CWE-611: Improper Restriction of XML External Entity Reference
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.