cve/2018/CVE-2018-1000840.md

### [CVE-2018-1000840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000840)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

### POC

#### Reference
- https://github.com/processing/processing/issues/5706
- https://github.com/processing/processing/issues/5706

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-1000840](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000840)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.`

			`### POC`

			`#### Reference`
			`- https://github.com/processing/processing/issues/5706`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://github.com/processing/processing/issues/5706`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`