CVE-2018-1000821

Name of the Vulnerable Software and Affected Versions MicroMathematics versions prior to commit 5c05ac8

Description The issue concerns a XML External Entity (XXE) vulnerability in SMathStudio files, which can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. This can be exploited through specially crafted SMathStudio files.

Recommendations For versions prior to commit 5c05ac8, update to a version after commit 5c05ac8 to resolve the issue. As a temporary workaround, consider restricting the use of SMathStudio files until the update is applied.