A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.
References
Link | Resource |
---|---|
https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022 | Release Notes Third Party Advisory |
https://github.com/redhat-developer/vscode-xml/blob/master/CHANGELOG.md#0190-february-14-2022 | Release Notes Third Party Advisory |
Configurations
History
26 Feb 2022, 03:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022 - Release Notes, Third Party Advisory | |
References | (MISC) https://github.com/redhat-developer/vscode-xml/blob/master/CHANGELOG.md#0190-february-14-2022 - Release Notes, Third Party Advisory | |
CWE | CWE-918 CWE-400 |
|
First Time |
Redhat vscode-xml
Redhat |
|
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 9.1 |
CPE | cpe:2.3:a:redhat:vscode-xml:*:*:*:*:*:*:*:* |
18 Feb 2022, 18:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-18 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0671
Mitre link : CVE-2022-0671
CVE.ORG link : CVE-2022-0671
JSON object : View
Products Affected
redhat
- vscode-xml