{"data":{"id":"03bb08c5-0102-4bbe-b704-51a49480461f","title":"CVE-2018-1000844: Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Ent","summary":"Square's Retrofit library (a tool for making web requests in Java) contained an XXE vulnerability (XML External Entity attack, where an attacker tricks the system into reading files by embedding malicious instructions in XML data) in its JAXB component. An attacker could exploit this to read files from the system or perform SSRF (server-side request forgery, where an attacker makes the server send requests to unintended targets).","solution":"The vulnerability was fixed after commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437. Users should update to a version of Retrofit that includes this commit.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000844","publishedAt":"2018-12-20T20:29:02.127Z","cveId":"CVE-2018-1000844","cweIds":["CWE-611"],"cvssScore":"6.4","cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00908,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}