cve/2023/CVE-2023-4218.md

### [CVE-2023-4218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4218)
![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20IDE&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=org.eclipse.core.runtime&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=org.eclipse.pde&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.29.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.29%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.13.2400%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen)

### Description

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/sahilagichani14/sootUpTutorial
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-4218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4218)`
			`![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20IDE&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=org.eclipse.core.runtime&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=org.eclipse.pde&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.29.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.29%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%203.13.2400%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen)`

			`### Description`

			`In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/sahilagichani14/sootUpTutorial`