{"id":"CVE-2018-1000834","details":"runelite version \u003c= runelite-parent-1.4.23 contains an XML External Entity (XXE) vulnerability in a man-in-the-middle RuneScape services call that can result in disclosure of confidential data, denial of service, SSRF, and port scanning.","modified":"2026-03-14T09:26:10.271489Z","published":"2018-12-20T15:29:01.547Z","references":[{"type":"ADVISORY","url":"https://0dd.zone/2018/10/28/runelite-XXE-MitM/"},{"type":"REPORT","url":"https://github.com/runelite/runelite/issues/6160"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/runelite/runelite","events":[{"introduced":"0"},{"last_affected":"494057adf6116bf2a9658818caa2140f27041348"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.23"}]}}],"versions":["runelite-parent-1.0","runelite-parent-1.1.0","runelite-parent-1.1.1","runelite-parent-1.1.10","runelite-parent-1.1.11","runelite-parent-1.1.12","runelite-parent-1.1.13","runelite-parent-1.1.14","runelite-parent-1.1.15","runelite-parent-1.1.16","runelite-parent-1.1.17","runelite-parent-1.1.18","runelite-parent-1.1.19","runelite-parent-1.1.2","runelite-parent-1.1.21","runelite-parent-1.1.22","runelite-parent-1.1.23","runelite-parent-1.1.24","runelite-parent-1.1.25","runelite-parent-1.1.26","runelite-parent-1.1.27","runelite-parent-1.1.28","runelite-parent-1.1.29","runelite-parent-1.1.3","runelite-parent-1.1.30","runelite-parent-1.1.31","runelite-parent-1.1.32","runelite-parent-1.1.33","runelite-parent-1.1.4","runelite-parent-1.1.5","runelite-parent-1.1.6","runelite-parent-1.1.7","runelite-parent-1.1.8","runelite-parent-1.1.9","runelite-parent-1.2.0","runelite-parent-1.2.1","runelite-parent-1.2.10","runelite-parent-1.2.11","runelite-parent-1.2.12","runelite-parent-1.2.13","runelite-parent-1.2.14","runelite-parent-1.2.15","runelite-parent-1.2.16","runelite-parent-1.2.17","runelite-parent-1.2.18","runelite-parent-1.2.19","runelite-parent-1.2.2","runelite-parent-1.2.3","runelite-parent-1.2.4","runelite-parent-1.2.5","runelite-parent-1.2.6","runelite-parent-1.2.7","runelite-parent-1.2.8","runelite-parent-1.2.9","runelite-parent-1.3.0","runelite-parent-1.3.1","runelite-parent-1.3.2","runelite-parent-1.3.3","runelite-parent-1.3.4","runelite-parent-1.3.5","runelite-parent-1.3.6","runelite-parent-1.3.7","runelite-parent-1.3.8","runelite-parent-1.3.9","runelite-parent-1.4.0","runelite-parent-1.4.1","runelite-parent-1.4.10","runelite-parent-1.4.11","runelite-parent-1.4.12","runelite-parent-1.4.13","runelite-parent-1.4.14","runelite-parent-1.4.15","runelite-parent-1.4.16","runelite-parent-1.4.17","runelite-parent-1.4.18","runelite-parent-1.4.19","runelite-parent-1.4.2","runelite-parent-1.4.20","runelite-parent-1.4.21","runelite-parent-1.4.22","runelite-parent-1.4.23","runelite-parent-1.4.3","runelite-parent-1.4.4","runelite-parent-1.4.5","runelite-parent-1.4.6","runelite-parent-1.4.7","runelite-parent-1.4.8","runelite-parent-1.4.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000834.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}