PT-2022-18988 · Apache · Apache Xerces-C Xml Parser

Zebin · Published 2022-08-16 · Updated 2022-08-18 · CVE-2022-2838

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Eclipse Sphinx versions prior to 0.13.1

Description: The issue allows the injection of arbitrary XML entity definitions (XXE), enabling access to local files and exposing their contents via HTTP requests. It is caused by the use of the Apache Xerces XML parser without disabling the processing of referenced external entities.

Recommendations: For Eclipse Sphinx versions prior to 0.13.1, update to version 0.13.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of the Apache Xerces XML parser or restricting its ability to process external entities until a patch is applied.
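The workaround in the recommendations, restricting the parser's ability to process external entities, comes down to a handful of parser features. The following is an added example (not code from Eclipse Sphinx or from this advisory) showing a JAXP/Xerces `DocumentBuilderFactory` in its default, entity-resolving configuration next to a hardened one, and a check that the hardened builder rejects a constructed document carrying an external entity declaration. The class name, the sample document and the placeholder `file:///` path are all assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXParseException;

public class XxeHardening {

    // Constructed sample input (not from the advisory): a DOCTYPE that declares an
    // external entity pointing at a placeholder local path, then references it.
    static final String SAMPLE_XML =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE doc [ <!ENTITY ext SYSTEM \"file:///placeholder/local/file\"> ]>\n" +
        "<doc>&ext;</doc>";

    // Weak configuration: a factory left at its defaults resolves external
    // entities, which is the behaviour the advisory describes.
    static DocumentBuilder weakBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened configuration: refuse DOCTYPE declarations outright and, as defence
    // in depth, switch off every form of external entity and DTD loading as well.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true when the builder refuses the sample document at the DOCTYPE,
    // false when it parses it (and so would have tried to resolve the entity).
    static boolean rejectsExternalEntity(DocumentBuilder builder) throws Exception {
        try {
            builder.parse(new ByteArrayInputStream(SAMPLE_XML.getBytes(StandardCharsets.UTF_8)));
            return false;
        } catch (SAXParseException e) {
            // Xerces reports "DOCTYPE is disallowed" when disallow-doctype-decl is on.
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("hardened builder rejects DOCTYPE: "
            + rejectsExternalEntity(hardenedBuilder()));
    }
}
```

Only the hardened builder is exercised in `main`: with `disallow-doctype-decl` set, Xerces stops at the DOCTYPE before any entity is resolved, so the check returns true without touching the placeholder path. The default builder is kept only to show the configuration the advisory warns about; feeding it the same document would make it attempt to open the referenced file.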

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2022-2838

Affected Products

Apache Xerces-C Xml Parser
Eclipse Sphinx