CVE-2018-1000834

2018-12-2015:29:01

Google

osv.dev

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.9%

JSON

runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

CPENameOperatorVersion
runeliteeqrunelite-parent-1.1.19
runeliteeqrunelite-parent-1.3.5
runeliteeqrunelite-parent-1.3.0
runeliteeqrunelite-parent-1.4.2
runeliteeqrunelite-parent-1.4.23
runeliteeqrunelite-parent-1.1.13
runeliteeqrunelite-parent-1.1.26
runeliteeqrunelite-parent-1.4.4
runeliteeqrunelite-parent-1.3.8
runeliteeqrunelite-parent-1.1.21

Name	Operator	Version
runelite	eq	runelite-parent-1.1.19
runelite	eq	runelite-parent-1.3.5
runelite	eq	runelite-parent-1.3.0
runelite	eq	runelite-parent-1.4.2
runelite	eq	runelite-parent-1.4.23
runelite	eq	runelite-parent-1.1.13
runelite	eq	runelite-parent-1.1.26
runelite	eq	runelite-parent-1.4.4
runelite	eq	runelite-parent-1.3.8
runelite	eq	runelite-parent-1.1.21