CVE-2019-18212

Published: Oct 23, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.

Affected (3)

Products: Xml Language Server Project: Xml Server Project · Eclipse: Wild Web Developer · Theia Xml Extension Project: Theia Xml Extension

Xml Language Server Project

1 product

Xml Server Project

1 product

Wild Web Developer

Theia Xml Extension Project

1 product

Theia Xml Extension

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xml Language Server Project Xml Server Project	Before 0.9.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Eclipse Wild Web Developer	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Theia Xml Extension Project Theia Xml Extension	All versions

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (12)

https://github.com/angelozerr/lsp4xml/

Source: cve@mitre.org

Product

https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/angelozerr/lsp4xml/pull/567

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/redhat-developer/vscode-xml/

Source: cve@mitre.org

PatchThird Party Advisory

https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml

Source: cve@mitre.org

Third Party Advisory

https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/angelozerr/lsp4xml/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/angelozerr/lsp4xml/pull/567

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/redhat-developer/vscode-xml/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.