PT-2018-11244 · Eclipse · Eclipse Vert.X

Vietj · Published 2018-10-10 · Updated 2022-04-19 · CVE-2018-12541

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Eclipse Vert.x versions 3.0.0 through 3.5.3

Description

The WebSocket HTTP upgrade implementation in Eclipse Vert.x buffers the full HTTP request before doing the handshake, holding the entire request body in memory. It is recommended to have a reasonable limit, above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed. The suggested limit is 8192 bytes.

Recommendations

For Eclipse Vert.x versions 3.0.0 through 3.5.3, consider implementing a limit on the HTTP request body size to prevent excessive memory usage, and return an HTTP response with the 413 status code when this limit is exceeded.
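
The bounded buffering described above, sketched as an added example in plain JDK Java; it is not Vert.x code or the project's fix, and the class and method names (`UpgradeBodyLimiter`, `onHeaders`, `onChunk`) are hypothetical. It assumes the server calls `onHeaders` once and `onChunk` for each body fragment, then sends any non-zero status returned and closes the connection.

```java
import java.io.ByteArrayOutputStream;

// Added illustration: class and method names are hypothetical, not Vert.x API.
public class UpgradeBodyLimiter {
    static final int MAX_BODY_BYTES = 8192; // limit suggested in the description
    private final ByteArrayOutputStream body = new ByteArrayOutputStream();
    private int status = 0; // 0 = keep reading; otherwise the HTTP status to send before closing

    // Header phase: refuse a declared length over the limit before buffering anything.
    int onHeaders(String contentLength) {
        if (contentLength == null) return status; // no declared length: enforced per chunk
        try {
            long declared = Long.parseLong(contentLength.trim());
            if (declared < 0) return fail(400);
            if (declared > MAX_BODY_BYTES) return fail(413);
        } catch (NumberFormatException e) {
            return fail(400);
        }
        return status;
    }

    // Body phase: count before copying, so the buffered body never exceeds the limit.
    int onChunk(byte[] chunk) {
        if (status != 0) return status; // already rejected: ignore further data
        if ((long) body.size() + chunk.length > MAX_BODY_BYTES) return fail(413);
        body.write(chunk, 0, chunk.length);
        return status;
    }

    private int fail(int code) {
        body.reset(); // discard what was buffered; caller sends `code` and closes
        status = code;
        return code;
    }

    public static void main(String[] args) {
        // Constructed input: an upgrade request with no Content-Length, sent as 4096-byte chunks.
        UpgradeBodyLimiter limiter = new UpgradeBodyLimiter();
        System.out.println("headers -> " + limiter.onHeaders(null));
        for (int i = 1; i <= 3; i++) {
            System.out.println("chunk " + i + " -> " + limiter.onChunk(new byte[4096]));
        }
        // Constructed input: a declared length one byte over the limit is refused up front.
        System.out.println("declared 8193 -> " + new UpgradeBodyLimiter().onHeaders("8193"));
    }
}
```

The per-chunk check matters because a request without a declared length gives the header check nothing to reject.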

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2018-12541
GHSA-45XM-V8GQ-7JQX

Affected products

Eclipse Vert.X