Vert.x Core is vulnerable to CRLF injection. The injection is possible because it does not forbid the \r or \n characters in HTTP client requests and server responses.
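
The missing check described above, as an added example (not code from Vert.x or from the advisory): a plain-Java validator that rejects CR and LF in header names and values, shown next to a serializer that writes them verbatim. `HeaderGuard`, its method names and the sample header are constructed for illustration and are not Vert.x API.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; HeaderGuard and its methods are hypothetical names, not Vert.x API.
public class HeaderGuard {

    // Reject CR or LF anywhere in a header name or value.
    static void requireNoCrLf(String kind, String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\r' || c == '\n') {
                throw new IllegalArgumentException(
                    kind + " contains CR/LF at index " + i);
            }
        }
    }

    // Unchecked: writes name and value verbatim, so an embedded CRLF
    // ends the current header line and starts a new one.
    static String serializeUnchecked(Map<String, String> headers) {
        StringBuilder sb = new StringBuilder();
        headers.forEach((k, v) -> sb.append(k).append(": ").append(v).append("\r\n"));
        return sb.toString();
    }

    // Checked: validates every name and value before anything is written.
    static String serializeChecked(Map<String, String> headers) {
        headers.forEach((k, v) -> {
            requireNoCrLf("header name", k);
            requireNoCrLf("header value", v);
        });
        return serializeUnchecked(headers);
    }

    public static void main(String[] args) {
        Map<String, String> headers = new LinkedHashMap<>();
        // Constructed sample: one logical header whose value carries a CRLF.
        headers.put("X-Request-Id", "abc123\r\nX-Injected: 1");

        int lines = serializeUnchecked(headers).split("\r\n").length;
        System.out.println("unchecked serializer emitted " + lines + " header lines for 1 entry");
        try {
            serializeChecked(headers);
        } catch (IllegalArgumentException e) {
            System.out.println("checked serializer rejected input: " + e.getMessage());
        }
    }
}
```

The same validation can be applied at the application boundary to any untrusted value before it reaches a header-setting call.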
CPE

Name | Operator | Version
---|---|---
vert.x core | le | 3.5.4
vert.x core | le | 3.4.2

access.redhat.com/errata/RHSA-2018:2371
access.redhat.com/errata/RHSA-2018:3768
bugs.eclipse.org/bugs/show_bug.cgi?id=536038
bugzilla.redhat.com/show_bug.cgi?id=1591072
github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72
github.com/eclipse/vert.x/issues/2470
www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt