2 matches found
CVE-2022-2838
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests...
CVE-2022-2838
CVE-2022-2838 affects Eclipse Sphinx prior to 0.13.1. The vulnerability stems from using the Apache Xerces XML Parser without disabling processing of referenced external entities, enabling an attacker to inject arbitrary definitions and access local files, with data exfiltration possible via HTTP...