Vulnerability Description
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Vert.X | 3.5.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:2946Third Party Advisory
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568Issue TrackingPatchVendor Advisory
- https://github.com/vert-x3/vertx-web/issues/1021PatchThird Party Advisory
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995
- https://access.redhat.com/errata/RHSA-2018:2946Third Party Advisory
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568Issue TrackingPatchVendor Advisory
- https://github.com/vert-x3/vertx-web/issues/1021PatchThird Party Advisory
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995
FAQ
What is CVE-2018-12544?
CVE-2018-12544 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the ...
How severe is CVE-2018-12544?
CVE-2018-12544 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-12544?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Vert.X.