CVE-2017-8315

high

Description

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.

References

https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/

https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169

Details

Source: Mitre, NVD

Published: 2018-04-20

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N