Description
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.
Remediation
References
https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022
https://github.com/redhat-developer/vscode-xml/blob/master/CHANGELOG.md#0190-february-14-2022
Related Vulnerabilities
CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-markdown-gfm
CVE-2022-3952 Vulnerability in maven package com.manydesigns:portofino-microservice-launcher
CVE-2023-22467 Vulnerability in maven package org.webjars.bowergithub.moment:luxon
CVE-2020-6537 Vulnerability in maven package org.webjars.npm:electron
CVE-2019-0231 Vulnerability in maven package org.apache.mina:mina-core