In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eclipse web tools platform |
||
debian debian linux 9.0 |