Description
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.
Remediation
References
https://github.com/redhat-developer/vscode-xml/blob/master/CHANGELOG.md#0190-february-14-2022
https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022