CVE-2018-1000823
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
exist-db:exist-core XML External Entity (XXE) vulnerability
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.exist-db:exist-core | <5.1.0 | 5.1.0 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000823
- https://github.com/eXist-db/exist/issues/2180
- https://github.com/eXist-db/exist/pull/2243
- https://github.com/eXist-db/exist/pull/2247
- https://github.com/eXist-db/exist/commit/1c3f0aec14d00bdbca175713af70cb7c7b868e9f
- https://github.com/eXist-db/exist/commit/b210f9fbf379b68842f2b055dda80d7e7479e96f
- https://0dd.zone/2018/10/27/exist-XXE
- https://github.com/advisories/GHSA-jxm5-5xcw-h57q
- https://github.com/eXist-db/exist
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.