CVE-2018-12544 Information

Description

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://access.redhat.com/errata/RHSA-2018:2946 https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568 https://github.com/vert-x3/vertx-web/issues/1021

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8