← back
CVE-2022-2838

CVE-2022-2838

EPSS 0.5%CWE-611
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Aug 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.
Affected products
The Eclipse Foundation · Eclipse Sphinx

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.eclipse.org/580542