XML Type Validation Vulnerability in Eclipse Vert.x
CVE-2018-12544

9.8CRITICAL

Key Information:

Vendor

The Eclipse Foundation

Status
Eclipse Vert.x
Vendor
CVE Published:
10 October 2018

What is CVE-2018-12544?

The OpenAPI XML type validator in Eclipse Vert.x versions 3.5.Beta1 to 3.5.3 is susceptible to XML attacks due to inadequate precautions when creating XML parsers. This vulnerability arises during schema validation, potentially allowing an attacker to exploit weaknesses in XML processing. Developers utilizing the OpenAPI XML type validator should implement necessary security measures to safeguard their applications against potential XML-based threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Eclipse Vert.x 3.5.0

Eclipse Vert.x <= 3.5.3

References

https://access.redhat.com/errata/RHSA-2018:2946
vendor-advisoryx_refsource_REDHAT
https://github.com/vert-x3/vertx-web/issues/1021
x_refsource_CONFIRM
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.