CVE-2018-1000825

CRITICAL

FreeCol <= nightly-2018-08-22 - XXE

Title source: llm

Description

FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.

References (2)

Core 2

Core References

Third Party Advisory x_refsource_misc

https://0dd.zone/2018/10/28/freecol-XXE/

Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/FreeCol/freecol/issues/26

Scores

CVSS v3 10.0

EPSS 0.0194

EPSS Percentile 77.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-611

Status published

Products (1)

freecol/freecol < 2018-08-22

Published Dec 20, 2018

Tracked Since Feb 18, 2026