CVE-2017-8316

Published: Aug 3, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.

Affected (1)

Products: Jetbrains: Intellij Idea

Jetbrains

1 product

Intellij Idea

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jetbrains Intellij Idea	Before 2017.2.2

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b

Source: cve@checkpoint.com

https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/

Source: cve@checkpoint.com

ExploitThird Party Advisory

https://youtrack.jetbrains.com/issue/IDEA-175381

Source: cve@checkpoint.com

Broken Link

http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b

Source: af854a3a-2127-422b-91ae-364da2661108

https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://youtrack.jetbrains.com/issue/IDEA-175381

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.