Описание
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
Ссылки
- Third Party Advisory
- Issue TrackingPatchVendor Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Issue TrackingPatchVendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:eclipse:vert.x:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.2:cr1:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.2:cr2:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.2:cr3:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:vert.x:3.5.3:cr1:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00618
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 6.5
redhat
больше 7 лет назад
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
github
больше 7 лет назад
Moderate severity vulnerability that affects io.vertx:vertx-core
EPSS
Процентиль: 69%
0.00618
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-611
CWE-611