CVE-2019-17637

CVE-2019-17637

Vendor The Eclipse Foundation
Product Eclipse Web Tools Platform
Weakness CWE-611 · XXE
Published July 15, 2020
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.

Key dates

02Disclosure timeline

July 15, 2020 CVE published
August 5, 2024 Record updated