CVE-2018-1000542

Name of the Vulnerable Software and Affected Versions netbeans-mmd-plugin versions prior to 1.4.4

Description The issue is related to a XML External Entity (XXE) vulnerability in the MMD file import functionality. This can potentially lead to information disclosure, server-side request forgery, or remote code execution. The attack is exploitable via specially crafted MMD files.

Recommendations For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting the import of MMD files or validating their contents to minimize the risk of exploitation.