exploitDog

CVE-2018-12544

Опубликовано: 27 сент. 2018

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-611

https://bugzilla.redhat.com/show_bug.cgi?id=1638384vertx: API Validation XML Schemas do not forbid file system access

EPSS

Процентиль: 69%

0.00618

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2018-12544

CVSS3: 9.8

nvd

больше 7 лет назад

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

GHSA-qh3m-qw6v-qvhg

github

больше 7 лет назад

Moderate severity vulnerability that affects io.vertx:vertx-core

EPSS

Процентиль: 69%

0.00618

Низкий

6.5 Medium

CVSS3