SUSE: CVE-2023-4218: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:S/C:C/I:N/A:N) | Nov 9, 2023 | Apr 17, 2024 | Jan 28, 2025 |
Description
In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
Solutions
- suse-upgrade-eclipse-contributor-tools
- suse-upgrade-eclipse-emf-core
- suse-upgrade-eclipse-emf-core-bootstrap
- suse-upgrade-eclipse-emf-runtime
- suse-upgrade-eclipse-emf-sdk
- suse-upgrade-eclipse-emf-xsd
- suse-upgrade-eclipse-equinox-osgi
- suse-upgrade-eclipse-equinox-osgi-bootstrap
- suse-upgrade-eclipse-jdt
- suse-upgrade-eclipse-jdt-bootstrap
- suse-upgrade-eclipse-p2-discovery
- suse-upgrade-eclipse-p2-discovery-bootstrap
- suse-upgrade-eclipse-pde
- suse-upgrade-eclipse-pde-bootstrap
- suse-upgrade-eclipse-platform
- suse-upgrade-eclipse-platform-bootstrap
- suse-upgrade-eclipse-swt
- suse-upgrade-eclipse-swt-bootstrap
- suse-upgrade-maven-failsafe-plugin
- suse-upgrade-maven-failsafe-plugin-bootstrap
- suse-upgrade-maven-surefire
- suse-upgrade-maven-surefire-javadoc
- suse-upgrade-maven-surefire-plugin
- suse-upgrade-maven-surefire-plugin-bootstrap
- suse-upgrade-maven-surefire-plugins-javadoc
- suse-upgrade-maven-surefire-provider-junit
- suse-upgrade-maven-surefire-provider-junit5
- suse-upgrade-maven-surefire-provider-junit5-javadoc
- suse-upgrade-maven-surefire-provider-testng
- suse-upgrade-maven-surefire-report-parser
- suse-upgrade-maven-surefire-report-plugin
- suse-upgrade-maven-surefire-report-plugin-bootstrap
- suse-upgrade-tycho
- suse-upgrade-tycho-bootstrap
- suse-upgrade-tycho-javadoc