Vulnerabilities > CVE-2019-18213 - XXE vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/angelozerr/lsp4xml/
- https://github.com/angelozerr/lsp4xml/
- https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others
- https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others
- https://github.com/angelozerr/lsp4xml/pull/566
- https://github.com/angelozerr/lsp4xml/pull/566
- https://github.com/redhat-developer/vscode-xml/
- https://github.com/redhat-developer/vscode-xml/
- https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml
- https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml
- https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/
- https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/