Server-Side Request Forgery (SSRF)
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file.
Advisories for Maven/Org.eclipse.lemminx/Lemminx-Parent package
2022
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.
Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user.