N/A

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.

N/A

N/A

netbeans-mmd-plugin 安全漏洞

netbeans-mmd-plugin是一款思维导图插件。 netbeans-mmd-plugin 1.4.3及之前版本中的MMD文件的导入存在XML外部实体注入漏洞。远程攻击者可借助特制的MMD文件利用该漏洞泄露信息，实施服务器端请求伪造攻击或执行代码。

N/A

N/A