Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Eclipse Memory Analyzer 代码问题漏洞
Vulnerability Description
Eclipse Memory Analyzer是Eclipse基金会的一款内存分析工具。 Eclipse Memory Analyzer 0.7版本至1.14.0版本存在安全漏洞,该漏洞源于不会过滤报告部分XML文件。
CVSS Information
N/A
Vulnerability Type
N/A