9.8

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EclipseVert.X Version3.5.0
EclipseVert.X Version3.5.0 Updatebeta1
EclipseVert.X Version3.5.1
EclipseVert.X Version3.5.2
EclipseVert.X Version3.5.2 Updatecr1
EclipseVert.X Version3.5.2 Updatecr2
EclipseVert.X Version3.5.2 Updatecr3
EclipseVert.X Version3.5.3
EclipseVert.X Version3.5.3 Updatecr1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.692
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568
Patch
Vendor Advisory
Issue Tracking