Lucene search

K

MitreCVELIST:CVE-2019-18212

HistoryOct 23, 2019 - 9:05 p.m.

CVE-2019-18212

2019-10-2321:05:32

mitre

www.cve.org

0.003 Low

EPSS

Percentile

68.8%

XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.

References

github.com/angelozerr/lsp4xml/

github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others

github.com/angelozerr/lsp4xml/pull/567

github.com/redhat-developer/vscode-xml/

marketplace.visualstudio.com/items?itemName=redhat.vscode-xml

www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/

0.003 Low

EPSS

Percentile

68.8%

Related for CVELIST:CVE-2019-18212

prion1 osv1 nvd1 cve1