CVE-2018-1000644

Name of the Vulnerable Software and Affected Versions Eclipse RDF4j versions prior to 2.4.0 Milestone 2

Description The issue concerns a XML External Entity (XXE) vulnerability in the RDF4j XML parser when parsing RDF files. This can lead to the disclosure of confidential data, denial of service, server-side request forgery, and port scanning. The attack is exploitable via specially crafted RDF files.

Recommendations For Eclipse RDF4j versions prior to 2.4.0 Milestone 2, update to version 2.4.0 Milestone 2 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of RDF files from untrusted sources to minimize the risk of exploitation.