CVE-2018-1000828

Name of the Vulnerable Software and Affected Versions FrostWire versions prior to 6.7.4-build-272

Description The issue concerns a XML External Entity (XXE) vulnerability that can be exploited via a man-in-the-middle attack during the software update process. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning.

Recommendations For versions prior to 6.7.4-build-272, update to a version newer than 6.7.4-build-272 to resolve the issue. As a temporary workaround, consider restricting access to the update mechanism to minimize the risk of exploitation.