Home

CVE-2018-12544

Description

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.618

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-12544,CVE-2018-12541 are fixed in Eclipse-vertx-core 3.5.4Windows
Vulnerabilities CVE-2018-12544,CVE-2018-12541 are fixed in Eclipse-vertx-core for Linux 3.5.4Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234