PT-2018-11247 · Eclipse · Eclipse Vert.X

Yanshuchong

Published

2018-10-10

Updated

2020-12-16

CVE-2018-12544

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Eclipse Vert.x versions 3.5.Beta1 through 3.5.3

Description The OpenAPI XML type validator in Eclipse Vert.x creates XML parsers without adequate protection against XML attacks when a developer uses it to validate a provided schema.

Recommendations For versions 3.5.Beta1 through 3.5.3, consider disabling the OpenAPI XML type validator until a patch is available to prevent potential XML attacks. Restrict the use of XML parsers to minimize the risk of exploitation.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-12544

GHSA-QH3M-QW6V-QVHG

Affected Products

Eclipse Vert.X

PT-2018-11247 · Eclipse · Eclipse Vert.X

CVE-2018-12544

Weakness Enumeration

Related Identifiers

Affected Products

References · 11