CVE-2018-1000644
CRITICAL
Eclipse RDF4j < 2.4.0 - XML External Entity Injection in RDF XML Parser
Title source: llm
Description
Eclipse RDF4j versions < 2.4.0 Milestone 2 contain an XML External Entity (XXE) vulnerability in the RDF4j XML parser, triggered when parsing RDF files, that can result in the disclosure of confidential data, denial of service, server-side request forgery, and port scanning. This attack appears to be exploitable via a specially crafted RDF file.
References (2)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/eclipse/rdf4j/issues/1056
Third Party Advisory x_refsource_misc
https://0dd.zone/2018/08/05/rdf4j-XXE/
Scores
CVSS v3
10.0
EPSS
0.0036
EPSS Percentile
58.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (3)
eclipse/rdf4j
2.4.0 (3 CPE variants)
eclipse/rdf4j
< 2.4.0
org.eclipse.rdf4j/rdf4j-runtime
0 - 2.4.0 (Maven)
Published
Aug 20, 2018
Tracked Since
Feb 18, 2026