{"id":"CVE-2018-1000835","details":"KeePassDX version \u003c= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.","modified":"2026-04-10T04:04:12.571150Z","published":"2018-12-20T15:29:01.610Z","references":[{"type":"ADVISORY","url":"https://0dd.zone/2018/10/28/KeePassDX-XXE/"},{"type":"REPORT","url":"https://github.com/Kunzisoft/KeePassDX/issues/200"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kunzisoft/keepassdx","events":[{"introduced":"0"},{"last_affected":"64a4f439457bba5717be6c9b20f6f5c02a7ebd26"},{"introduced":"0"},{"last_affected":"0fdcc29aa2aa10233e194979be3215fd511c6b1b"},{"introduced":"0"},{"last_affected":"d4a0b59eb1978e4baf91d0e6d84c45a781ab1832"},{"introduced":"0"},{"last_affected":"49ea92a4a501f1c35275b517b3c5288e16e48470"},{"introduced":"0"},{"last_affected":"e7bbb47422d73bff573919f3ed4d9c269dc5e918"},{"introduced":"0"},{"last_affected":"6fddc92ce7fce72ab051f56c6fe35f3c7a555959"},{"introduced":"0"},{"last_affected":"4f9625a3e19147e8f1d365a00faf14d7cb12c189"},{"introduced":"0"},{"last_affected":"edc7324c1dab0eb9cdfa2043629d723cbf7c4c21"},{"introduced":"0"},{"last_affected":"57f71afb98be5b90699ae1d57b3f7777f1763430"},{"introduced":"0"},{"last_affected":"b8b106eb65bb447d8ef8d646eb8a332f3c05f6f1"},{"introduced":"0"},{"last_affected":"b62106068b9c08f524ed5f50ac406aaabc058e6a"},{"introduced":"0"},{"last_affected":"c24c18d89e9fb61a017f3706d00c2acfd4228e3b"},{"introduced":"0"},{"last_affected":"2cc530cbece7abcfb265d06161fad8a996e90fea"},{"introduced":"0"},{"last_affected":"943d7ca6b9e66275647a43f1d2359544b1e8414e"},{"introduced":"0"},{"last_affected":"38c264e38d2ef1bac9b3e3856ea3b46c8929b6d9"},{"introduced":"0"},{"last_affected":"161923c80817379a865a1ae5f8b6441105440e8d"},{"introduced":"0"},{"last_affected":"1033dd78b080de8007da545e648a8174f4a00f1b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.0.0-beta1"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta10"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta11"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta12"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta13"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta14"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta15"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta16"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta17"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta2"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta3"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta4"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta5"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta6"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta7"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta8"},{"introduced":"0"},{"last_affected":"2.5.0.0-beta9"}]}}],"versions":["2.5.0.0beta1","2.5.0.0beta10","2.5.0.0beta11","2.5.0.0beta12","2.5.0.0beta13","2.5.0.0beta14","2.5.0.0beta15","2.5.0.0beta16","2.5.0.0beta17","2.5.0.0beta2","2.5.0.0beta3","2.5.0.0beta4","2.5.0.0beta5","2.5.0.0beta6","2.5.0.0beta7","2.5.0.0beta8","2.5.0.0beta9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000835.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}