CVE-2019-18213

Published: Oct 23, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.

Affected (3)

Products: Xml Language Server Project: Xml Server Project · Eclipse: Wild Web Developer · Theia Xml Extension Project: Theia Xml Extension

Xml Language Server Project

1 product

Xml Server Project

1 product

Wild Web Developer

Theia Xml Extension Project

1 product

Theia Xml Extension

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xml Language Server Project Xml Server Project	Before 0.9.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Eclipse Wild Web Developer	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Theia Xml Extension Project Theia Xml Extension	All versions

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (12)

https://github.com/angelozerr/lsp4xml/

Source: cve@mitre.org

Product

https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/angelozerr/lsp4xml/pull/566

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/redhat-developer/vscode-xml/

Source: cve@mitre.org

PatchThird Party Advisory

https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml

Source: cve@mitre.org

Third Party Advisory

https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/angelozerr/lsp4xml/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/angelozerr/lsp4xml/pull/566

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/redhat-developer/vscode-xml/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.