{ "CVE_data_meta" : { "ASSIGNER" : "kurt@seifried.org", "DATE_ASSIGNED" : "2018-06-23T11:22:33.067690", "DATE_REQUESTED" : "2018-06-01T15:36:27", "ID" : "CVE-2018-1000546", "REQUESTER" : "Melbourne@sectalks.org", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "Triplea", "version" : { "version_data" : [ { "version_value" : "<= 1.9.0.0.10291" } ] } } ] }, "vendor_name" : "Triplea" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML)." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "XML External Entity (XXE)" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://0dd.zone/2018/05/31/TripleA-XXE/", "refsource" : "MISC", "url" : "https://0dd.zone/2018/05/31/TripleA-XXE/" }, { "name" : "https://github.com/triplea-game/triplea/issues/3442", "refsource" : "MISC", "url" : "https://github.com/triplea-game/triplea/issues/3442" } ] } }