CVE-2017-8316
HIGHIntelliJ IDEA < 2017.2.2 - XML External Entity Injection via AndroidManifest.xml
Title source: llmDescription
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b
Broken Link x_refsource_misc
https://youtrack.jetbrains.com/issue/IDEA-175381
Exploit, Third Party Advisory x_refsource_misc
https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/
Scores
CVSS v3
7.5
EPSS
0.0001
EPSS Percentile
0.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
jetbrains/intellij_idea
< 2017.2.2
Published
Aug 03, 2018
Tracked Since
Feb 18, 2026