Vulnerability Description
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jetbrains | Intellij Idea | < 2017.2.2 |
Related Weaknesses (CWE)
References
- http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b885155
- https://research.checkpoint.com/parsedroid-targeting-android-development-researcExploitThird Party Advisory
- https://youtrack.jetbrains.com/issue/IDEA-175381Broken Link
- http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b885155
- https://research.checkpoint.com/parsedroid-targeting-android-development-researcExploitThird Party Advisory
- https://youtrack.jetbrains.com/issue/IDEA-175381Broken Link
FAQ
What is CVE-2017-8316?
CVE-2017-8316 is a vulnerability with a CVSS score of 7.5 (HIGH). IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
How severe is CVE-2017-8316?
CVE-2017-8316 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8316?
Check the references section above for vendor advisories and patch information. Affected products include: Jetbrains Intellij Idea.