Candidate: CVE-2018-1000546
PublicDate: 2018-06-26 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000546
 https://0dd.zone/2018/05/31/TripleA-XXE/
 https://github.com/triplea-game/triplea/issues/3442
Description:
 Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE)
 vulnerability in Importing game data that can result in Possible
 information disclosure, server-side request forgery, or remote code
 execution. This attack appear to be exploitable via Specially crafted game
 data file (XML).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_triplea:
upstream_triplea: needs-triage
precise/esm_triplea: DNE
trusty_triplea: ignored (reached end-of-life)
trusty/esm_triplea: DNE (trusty was needs-triage)
xenial_triplea: ignored (end of standard support, was needs-triage)
artful_triplea: ignored (reached end-of-life)
bionic_triplea: needs-triage
cosmic_triplea: ignored (reached end-of-life)
disco_triplea: ignored (reached end-of-life)
eoan_triplea: ignored (reached end-of-life)
focal_triplea: needs-triage
groovy_triplea: ignored (reached end-of-life)
hirsute_triplea: ignored (reached end-of-life)
impish_triplea: needs-triage
jammy_triplea: needs-triage
devel_triplea: needs-triage