Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

Published

2018-10-10T20:29:00.710

Last Modified

2024-11-21T03:45:24.490

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-611
Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	eclipse	vert.x	3.5.0	Yes
Application	eclipse	vert.x	3.5.0	Yes
Application	eclipse	vert.x	3.5.1	Yes
Application	eclipse	vert.x	3.5.2	Yes
Application	eclipse	vert.x	3.5.2	Yes
Application	eclipse	vert.x	3.5.2	Yes
Application	eclipse	vert.x	3.5.2	Yes
Application	eclipse	vert.x	3.5.3	Yes
Application	eclipse	vert.x	3.5.3	Yes

References

https://access.redhat.com/errata/RHSA-2018:2946 Third Party Advisory ([email protected])
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568 Issue Tracking, Patch, Vendor Advisory ([email protected])
https://github.com/vert-x3/vertx-web/issues/1021 Patch, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E ([email protected])
https://access.redhat.com/errata/RHSA-2018:2946 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vert-x3/vertx-web/issues/1021 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)