{"id":"CVE-2023-6194","details":"In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit\ndocument type definition (DTD) references to external entities.\nThis means that if a user chooses to use a malicious report definition XML file containing an external entity reference\nto generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.\n","modified":"2026-03-14T12:23:22.117950Z","published":"2023-12-11T14:15:31.847Z","references":[{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/15"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169"},{"type":"FIX","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0.7"},{"last_affected":"1.14.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6194.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}