Description
A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.
Remediation
References
https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022
Related Vulnerabilities
CVE-2019-14820 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2016-10735 Vulnerability in maven package org.webjars.bower:bootstrap
CVE-2018-3721 Vulnerability in npm package lodash.merge
CVE-2018-8032 Vulnerability in maven package org.apache.axis:axis
CVE-2022-31142 Vulnerability in npm package @fastify/bearer-auth