CVE-2018-19244

Name of the Vulnerable Software and Affected Versions Charles version 4.2.7

Description A vulnerability exists in the import/export setup option, specifically an XML External Entity (XXE) issue. This allows an attacker to potentially access an intranet network and leak information if a user imports a malicious "Charles Settings.xml" file.

Recommendations For version 4.2.7, avoid importing "Charles Settings.xml" files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, consider restricting the use of the import/export setup option until a patch is available.