CVE-2022-0671 - Server-Side Request Forgery (SSRF) vulnerability in Redhat Vscode-Xml

CVSS 9.1 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: HIGH

Tags: network, low complexity, redhat, CWE-918, critical

Summary

A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.

Vulnerable Configurations

Part | Description | Count
Application | Redhat | 1

Common Weakness Enumeration (CWE)