Home > Vulnerability Database > CVE-2023-6194

Mend.io Vulnerability Database

CVE-2023-6194

Date: December 11, 2023

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

Language: Java

Severity Score

2.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6194

Url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631

Url: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169

Url: https://gitlab.eclipse.org/security/cve-assignement/-/issues/15

Url: https://www.mend.io/vulnerability-database/CVE-2023-6194

Severity Score

2.8

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

CVSS v3.1

Base Score:	2.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6194

Date: December 11, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?