PT-2019-15279 · Lsp4Xml+1 · Xml Language Server+1

Publicado

2019-10-23

Atualizado

2019-10-30

CVE-2019-18212

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions XML Language Server (lsp4xml) versions prior to 0.9.1 Red Hat XML Language Support (vscode-xml) versions prior to 0.9.1

Description The issue allows a remote attacker to write to arbitrary files via Directory Traversal, potentially leading to unauthorized data modification. This is related to the XMLLanguageService.java file in the affected products.

Recommendations For XML Language Server (lsp4xml) versions prior to 0.9.1, update to version 0.9.1 or later. For Red Hat XML Language Support (vscode-xml) versions prior to 0.9.1, update to version 0.9.1 or later.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2019-18212

Produtos afetados

Red Hat Xml Language Support

Xml Language Server

PT-2019-15279 · Lsp4Xml+1 · Xml Language Server+1

CVE-2019-18212

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8