PT-2020-9930 · Eclipse · Eclipse Web Tools Platform

David Dworken

Published 2020-07-15 · Updated 2023-01-27 · CVE-2019-17637

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Eclipse Web Tools Platform versions prior to 3.18 (2020-06)

Description
XML and DTD files that refer to external entities can be crafted so that editing or validating them in the IDE sends the contents of local files to a remote server. This happens even when external entity resolution is disabled in the user preferences.

Recommendations
For Eclipse Web Tools Platform versions prior to 3.18 (2020-06), consider updating to a version newer than 3.18 (2020-06) to resolve the issue. As a temporary workaround, restrict the editing and validation of XML and DTD files that refer to external entities to minimize the risk of exploitation.
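A triage check supporting the workaround above, added here as an example and not part of the original advisory or of Eclipse WTP: it flags XML and DTD files that declare external DOCTYPE or ENTITY references (SYSTEM/PUBLIC identifiers) so they can be reviewed before being opened or validated in an unpatched workspace. The regex-based matching and the sample documents are assumptions of this example, not a full XML parse.

```python
import os
import re
from typing import Dict, Iterable, List, Tuple

# Heuristic patterns (assumption: regex triage, not a conforming XML parser).
COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
# <!DOCTYPE root SYSTEM "uri"> or PUBLIC "id" "uri": an external DTD subset.
DOCTYPE_EXTERNAL = re.compile(
    r"<!DOCTYPE\s+[^\s\[>]+\s+(?:SYSTEM|PUBLIC)\b[^\[>]*", re.IGNORECASE)
# <!ENTITY name SYSTEM "uri"> and parameter entities <!ENTITY % name SYSTEM "uri">.
ENTITY_EXTERNAL = re.compile(
    r"<!ENTITY\s+(?:%\s*)?\S+\s+(?:SYSTEM|PUBLIC)\b[^>]*>", re.IGNORECASE)


def external_references(text: str) -> List[str]:
    """Return each DOCTYPE/ENTITY declaration that points at an external resource.
    Comments are removed first so a commented-out declaration is not reported."""
    stripped = COMMENT.sub("", text)
    found = [m.group(0).strip() for m in DOCTYPE_EXTERNAL.finditer(stripped)]
    found += [m.group(0).strip() for m in ENTITY_EXTERNAL.finditer(stripped)]
    return found


def refers_to_external_entities(text: str) -> bool:
    return bool(external_references(text))


def scan_documents(docs: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each (path, content) pair that refers to external entities to its findings."""
    report: Dict[str, List[str]] = {}
    for path, text in docs:
        refs = external_references(text)
        if refs:
            report[path] = refs
    return report


def scan_workspace(root: str) -> Dict[str, List[str]]:
    """Walk a workspace directory and triage every .xml/.dtd file found in it."""
    def read_all() -> Iterable[Tuple[str, str]]:
        for dirpath, _, names in os.walk(root):
            for name in names:
                if name.lower().endswith((".xml", ".dtd")):
                    path = os.path.join(dirpath, name)
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        yield path, fh.read()
    return scan_documents(read_all())


# Constructed samples (not from the advisory): one safe, one to hold back for review.
SAFE_XML = """<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY greeting "hello"> ]>
<!-- <!ENTITY old SYSTEM "file:///tmp/old.txt"> commented out, must not fire -->
<note>&greeting;</note>
"""
SUSPECT_XML = """<?xml version="1.0"?>
<!DOCTYPE note SYSTEM "http://example.invalid/note.dtd" [
  <!ENTITY local SYSTEM "file:///tmp/example.txt">
  <!ENTITY % ext SYSTEM "http://example.invalid/ext.dtd">
]>
<note>&local;</note>
"""
```

Run `scan_workspace("/path/to/workspace")` to list the files a team should review before enabling editing or validation on them.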

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2019-17637
DLA-2404-1

Affected Products

Eclipse Web Tools Platform