CVE-2018-12544

CVSS v3.0 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.30 % (70^th)

Affected Products 1

Advisories 1

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

Weaknesses

CWE-611: Improper Restriction of XML External Entity Reference

CVE Status: PUBLISHED
CNA: Eclipse Foundation
Published Date: 2018-10-10 20:29:00
(6 years ago)
Updated Date: 2023-11-07 02:52:20
(10 months ago)

Affected Products

Eclipse

Vert.x

Configuration #1

		CPE23	From	Up To
	Eclipse Vert.x 3.5.0	cpe:2.3:a:eclipse:vert.x:3.5.0
	Eclipse Vert.x 3.5.0 Beta1	cpe:2.3:a:eclipse:vert.x:3.5.0:beta1
	Eclipse Vert.x 3.5.1	cpe:2.3:a:eclipse:vert.x:3.5.1
	Eclipse Vert.x 3.5.2	cpe:2.3:a:eclipse:vert.x:3.5.2
	Eclipse Vert.x 3.5.2 Cr1	cpe:2.3:a:eclipse:vert.x:3.5.2:cr1
	Eclipse Vert.x 3.5.2 Cr2	cpe:2.3:a:eclipse:vert.x:3.5.2:cr2
	Eclipse Vert.x 3.5.2 Cr3	cpe:2.3:a:eclipse:vert.x:3.5.2:cr3
	Eclipse Vert.x 3.5.3	cpe:2.3:a:eclipse:vert.x:3.5.3
	Eclipse Vert.x 3.5.3 Cr1	cpe:2.3:a:eclipse:vert.x:3.5.3:cr1