CVE-2018-12544
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-12544
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12544.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-12544
- Aliases
- Published
- 2018-10-10T20:29:00Z
- Modified
- 2024-09-03T02:05:29.146813Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
- References
Affected packages
Git / github.com/eclipse-vertx/vert.x
Affected ranges
- Type
- GIT
- Repo
- https://github.com/eclipse-vertx/vert.x
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
- Type
- GIT
- Repo
- https://github.com/vert-x3/vertx-web
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
3.*
3.0.0
3.0.0-dev_preview1
3.0.0-milestone2
3.0.0-milestone3
3.0.0-milestone4
3.0.0-milestone5
3.0.0-milestone6
3.1.0
3.2.0
3.2.1
3.3.0
3.3.0.CR2
3.3.1
3.3.2
3.3.3
3.4.0
3.4.0.Beta1
3.4.1
3.4.2
3.5.0
3.5.0.Beta1
3.5.1
3.5.2
3.5.2.CR1
3.5.2.CR2
3.5.2.CR3
3.5.3
3.5.3.CR1
Other
Eclipse_Initial_Contribution_2
v2.*
v2.0.1-final
v2.1M1
v2.1M2
v2.1M3
v2.1M4
v2.1M5
v2.1RC1
v2.1RC2
v2.1RC3