cve-2018-12544
Vulnerability from cvelistv5
Published
2018-10-10 20:00
Modified
2024-08-05 08:38
Severity ?
EPSS score ?
Summary
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Eclipse Foundation | Eclipse Vert.x |
Version: 3.5.0 < unspecified Version: unspecified < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:38:06.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2946", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2946" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/vert-x3/vertx-web/issues/1021" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Vert.x", "vendor": "The Eclipse Foundation", "versions": [ { "lessThan": "unspecified", "status": "affected", "version": "3.5.0", "versionType": "custom" }, { "lessThanOrEqual": "3.5.3", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-16T05:06:24", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "name": "RHSA-2018:2946", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2946" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/vert-x3/vertx-web/issues/1021" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2018-12544", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Vert.x", "version": { "version_data": [ { "version_affected": "\u003e=", "version_value": "3.5.0" }, { "version_affected": "\u003c=", "version_value": "3.5.3" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2946", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2946" }, { "name": "https://github.com/vert-x3/vertx-web/issues/1021", "refsource": "CONFIRM", "url": "https://github.com/vert-x3/vertx-web/issues/1021" }, { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568" }, { "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2018-12544", "datePublished": "2018-10-10T20:00:00", "dateReserved": "2018-06-18T00:00:00", "dateUpdated": "2024-08-05T08:38:06.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-12544\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2018-10-10T20:29:00.710\",\"lastModified\":\"2024-11-21T03:45:24.490\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.\"},{\"lang\":\"es\",\"value\":\"De la versi\u00f3n 3.5.Beta1 a la 3.5.3 de Eclipse Vert.x, el validador de tipos XML OpenAPI crea analizadores XML sin las medidas defensivas adecuadas contra ataques XML. Este mecanismo es exclusivo a cuando el desarrollador emplea el validador de tipos XML OpenAPI de Eclipse Vert.x para validar un esquema proporcionado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B578D87B-7F8C-4A7F-91EA-69F6E3595A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C190477-C1D6-4F22-BDCB-ED6B9B592F5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2543DA32-484A-4A29-B31F-63C9FBD1257D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA23A643-E54E-4367-BA97-A7693F6D72D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.2:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A46B71-DD57-4399-B277-2F56E1FB2A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.2:cr2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D504CD1D-FF99-480E-AD59-71CD4C258926\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.2:cr3:*:*:*:*:*:*\",\"matchCriteriaId\":\"740C51B1-69BD-4520-9405-4ED67F505440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"402E12D6-A40F-4576-BE82-B58813A39EEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:vert.x:3.5.3:cr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2822E1C-48FB-4110-BF27-75186613EFA1\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2946\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/vert-x3/vertx-web/issues/1021\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2946\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/vert-x3/vertx-web/issues/1021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.