15 matches found
CVE-2022-0671
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...
EUVD-2022-0826
Malicious code in bioql PyPI...
GHSA-52VV-3VF7-F7WH Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...
CVE-2022-0671
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...
CVE-2022-0671
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...
Server-side request forgery (SSRF)
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...
CVE-2022-0671
The connected sources confirm a vulnerability in vscode-xml prior to version 0.19.0 where downloading a schema can trigger blind SSRF or DoS via a large file. Affected component is the vscode-xml schema download/processing path; root cause is improper handling of externally downloaded schema data...
CVE-2022-0671
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file...
Red Hat Vscode-Xml code issue vulnerability
Red Hat Vscode-Xml is open source XML language support from Red Hat. It makes it easy to edit XML in Visual Studio Code. A code issue vulnerability exists in Red Hat Vscode-Xml, which stems from a flaw found in vscode-xml in versions prior to 0.19.0. An attacker could exploit this vulnerabilit...
Red Hat Vscode-Xml information disclosure vulnerability
Red Hat Vscode-Xml is open source XML language support from Red Hat. It makes it easy to edit XML in Visual Studio Code. An information disclosure vulnerability exists in Red Hat Vscode-Xml, which stems from a flaw found in versions of LemMinX prior to 0.19.0. An attacker could use this...
CVE-2019-18213
XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF as well as SMB connection initiation that can lead to NetNTLM challenge/response captu...
CVE-2019-18213
XML Language Server (lsp4xml) prior to 0.9.1 used in Red Hat XML Language Support (vscode-xml) prior to 0.9.1 is affected. The vulnerability arises in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java, where XXE can be triggered by a crafted XML document, leading to ...
CVE-2019-18212
XMLLanguageService.java in XML Language Server aka lsp4xml before 0.9.1, as used in Red Hat XML Language Support aka vscode-xml before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal...
CVE-2019-18212
XML Language Service (lsp4xml) in Red Hat XML Language Support (vscode-xml) versions before 0.9.1 is affected by a directory traversal vulnerability that allows a remote attacker to write to arbitrary files via XMLLanguageService.java. The issue is present in the XML Language Server implementatio...