Moderate severity vulnerability that affects io.vertx:vertx-core

GHSA-6cw8-7j6c-hccp · CVE-2018-12537

Published Oct 19, 2018 · Modified Dec 2, 2024

Description

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-12537
WEB https://github.com/eclipse/vert.x/issues/2470
WEB https://github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72
WEB https://access.redhat.com/errata/RHSA-2018:2371
WEB https://access.redhat.com/errata/RHSA-2018:3768
WEB https://bugs.eclipse.org/bugs/show_bug.cgi?id=536038
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1591072
ADVISORY https://github.com/advisories/GHSA-6cw8-7j6c-hccp
WEB https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes