CVE-2022-2838

Vendor: The Eclipse Foundation
Product: Eclipse Sphinx
Weakness: CWE-611 (XXE)
Published: August 16, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

In Eclipse Sphinx™ before version 0.13.1, the Apache Xerces XML parser was used without disabling the processing of referenced external entities. This allows the injection of arbitrary definitions that can access local files and expose their contents via HTTP requests.

Key dates

02 Disclosure timeline

August 16, 2022: CVE published
August 3, 2024: Record updated