{"id":"CVE-2018-1000831","details":"K9Mail version \u003c= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious WebDAV server or intercept the reponse of a valid WebDAV server.","modified":"2026-04-10T04:05:28.220408Z","published":"2018-12-20T15:29:01.377Z","references":[{"type":"ADVISORY","url":"https://0dd.zone/2018/10/28/k9mail-XXE-MitM/"},{"type":"REPORT","url":"https://github.com/k9mail/k-9/issues/3681"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/k9mail/k-9","events":[{"introduced":"0"},{"last_affected":"a903bd6f81e929bdd486b12e24afe851d06b7dcf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.600"}]}}],"versions":["2.102","2.103","2.105","2.106","2.107","2.108","2.109","2.300","2.301","2.302","2.303","2.304","2.305","2.306","2.307","2.308","2.309","2.310","2.311","2.312","2.503","2.504","2.505","2.506","2.507","2.508","2.510","2.511","2.512","2.513","2.514","2.515","2.701","2.702","2.703","2.704","2.705","2.706","2.707","2.708","2.709","2.710","2.711","2.900","2.901","2.902","2.903","2.904","2.905","2.906","2.907","2.908","2.909","2.910","2.911","2.912","2.913","3.101","3.102","3.103","3.104","3.105","3.106","3.107","3.108","3.109","3.110","3.111","3.112","3.113","3.114","3.115","3.116","3.117","3.118","3.119","3.120","3.301","3.302","3.303","3.304","3.305","3.306","3.307","3.308","3.309","3.310","3.311","3.312","3.313","3.314","3.315","3.316","3.317","3.318","3.319","3.320","3.390","3.501","3.502","3.503","3.504","3.505","3.506","3.507","3.508","3.509","3.510","3.511","3.512","3.701","3.703","3.704","3.705","3.706","3.708","3.709","3.710","3.900","3.901","3.902","3.904","3.905","3.906","3.907","3.908","3.909","3.910","3.911","3.912","3.913","4.103","4.104","4.105","4.106","4.107","4.108","4.109","4.110","4.112","4.113","4.115","4.116","4.117","4.118","4.119","4.120","4.121","4.301","4.302","4.303","4.304","4.305","4.306","4.307","4.308","4.309","4.310","4.311","4.312","4.313","4.314","4.315","4.316","4.317","4.318","4.319","4.320","4.321","4.322","4.323","4.324","4.325","4.326","4.327","4.328","4.329","4.330","4.331","4.501","4.502","4.503","4.504","4.505","4.506","4.507","4.508","4.509","4.510","4.511","4.512","4.700","4.701","4.900","4.901","4.902","4.903","4.904","4.905","5.100","5.101","5.102","5.103","5.104","5.108","5.109","5.110","5.111","5.112","5.113","5.114","5.115","5.300","5.301","5.302","5.303","5.304","5.500","5.501","5.502","5.503","5.600","build_2101"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000831.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}