CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
eclipseCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
eclipsevert.x
3.5.0
eclipsevert.x
3.5.0:beta1
eclipsevert.x
3.5.1
eclipsevert.x
3.5.2
eclipsevert.x
3.5.2:cr1
eclipsevert.x
3.5.2:cr2
eclipsevert.x
3.5.2:cr3
eclipsevert.x
3.5.3
eclipsevert.x
3.5.3:cr1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:2946
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568
https://github.com/vert-x3/vertx-web/issues/1021
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://access.redhat.com/errata/RHSA-2018:2946
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568
https://github.com/vert-x3/vertx-web/issues/1021
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E