Moderate severity vulnerability that affects io.vertx:vertx-core

GHSA-qh3m-qw6v-qvhg · CVE-2018-12544

Published Oct 17, 2018 · Modified Nov 30, 2024

Description

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-12544
WEB https://github.com/vert-x3/vertx-web/issues/1021
WEB https://github.com/vert-x3/vertx-web/commit/ac8692c618d6180a9bc012a2ac8dbec821b1a97
WEB https://access.redhat.com/errata/RHSA-2018:2946
WEB https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568
ADVISORY https://github.com/advisories/GHSA-qh3m-qw6v-qvhg
WEB https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes