Description
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response.
Report
While the affected artifact is being shipped in Fuse 6.3 via the camel-vertx component, the vulnerable code is not being used; therefore Fuse 6.3 is not affected.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss Fuse 6 | vertx | Not affected | | |
| Red Hat OpenShift Application Runtimes | vertx | Affected | | |
| Red Hat Fuse 7.2 | vertx | Fixed | RHSA-2018:3768 | 04.12.2018 |
| Text-Only RHOAR | | Fixed | RHSA-2018:2371 | 09.08.2018 |
Additional information
Status:
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response.
Moderate severity vulnerability that affects io.vertx:vertx-core