CVE-2018-12544
N/A
N/A
Summary
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Vert.x | 3.5.0 < unspecified | affected |
| The Eclipse Foundation | Eclipse Vert.x | unspecified <= 3.5.3 | affected |
Weaknesses
- CWE-611: CWE-611: Improper Restriction of XML External Entity Reference ('XXE')
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2018:2946
- https://github.com/vert-x3/vertx-web/issues/1021
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
References
- https://access.redhat.com/errata/RHSA-2018:2946
- https://github.com/vert-x3/vertx-web/issues/1021
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.