CVE-2018-1000652

Name of the Vulnerable Software and Affected Versions JabRef versions prior to the version containing commit 89f855d, specifically versions <=4.3.1

Description The issue concerns a XML External Entity (XXE) vulnerability in the MsBibImporter XML Parser. This can lead to disclosure of confidential data, denial of service, server-side request forgery, and port scanning. The attack is exploitable via specially crafted MsBib files.

Recommendations For JabRef versions <=4.3.1, update to a version that includes the fix after commit 89f855d to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted MsBib files with the MsBibImporter XML Parser until the issue is resolved.