CVE-2019-10648

NONE
Published Mar 30, 20197y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 30, 2019 7y ago
Last Modified Jun 17, 2026 1w ago

Description

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 2

VendorProductVersionRange
robocoderobocode* ≤1.9.3.5
robocoderobocode*any

References 2

  • github.com https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd#diff-0296a8f9d4a509789f4dc4f052d9c36f
    PatchThird Party Advisory
  • sourceforge.net https://sourceforge.net/p/robocode/bugs/406/
    Permissions RequiredThird Party Advisory

Remediation

  • github.com https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd#diff-0296a8f9d4a509789f4dc4f052d9c36f
    PatchThird Party Advisory