Description: Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
| --- | --- | --- | --- |
| apktool (PTS) | buster | 2.3.4-1 | fixed |
| apktool (PTS) | bookworm, sid | 2.6.1+dfsg.1-2 | fixed |

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs


[stretch] - apktool <no-dsa> (Minor issue)
Upstream bug with details is restricted
According to Red Hat only eclipse-andmore was affected but it was
never shipped with Debian. Apktool is affected though.
Possible fixes:
