CVE-2018-1000825

Name of the Vulnerable Software and Affected Versions FreeCol versions prior to nightly-2018-08-23

Description The issue concerns a XML External Entity (XXE) vulnerability in the FreeColXMLReader parser. This can lead to disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via a Freecol file.

Recommendations For versions prior to nightly-2018-08-23, update to a version newer than nightly-2018-08-22 to resolve the issue. As a temporary workaround, consider restricting the use of the FreeColXMLReader parser until a patch is available. Avoid using potentially malicious Freecol files to minimize the risk of exploitation.