CVE-2018-1000829
CRITICALAnyplace - XML External Entity Injection via Map API Call
Title source: llmDescription
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/dmsl/anyplace/issues/263
Third Party Advisory x_refsource_misc
https://0dd.zone/2018/10/28/anyplace-XXE-MitM/
Scores
CVSS v3
9.0
EPSS
0.0134
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
anyplace_project/anyplace
Published
Dec 20, 2018
Tracked Since
Feb 18, 2026