Moderate severity vulnerability that affects io.vertx:vertx-core

Moderate severity GitHub Reviewed Published Oct 17, 2018 to the GitHub Advisory Database • Updated Mar 4, 2024

Package

io.vertx:vertx-core (Maven)

Affected versions

>= 3.5.0, < 3.5.4

Patched versions

3.5.4

Description

In versions from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defenses against XML attacks. This mechanism is used exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

References

Published to the GitHub Advisory Database Oct 17, 2018
Reviewed Jun 16, 2020
Last updated Mar 4, 2024

Severity

Moderate

EPSS score

0.304%
(70th percentile)

Weaknesses

CVE ID

CVE-2018-12544

GHSA ID

GHSA-qh3m-qw6v-qvhg

Source code

No known source code

Credits
