XML External Entity (XXE)

🗓️ 19 Oct 2018 02:21:57Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 16 Views

vertx-web-api-contract is vulnerable to XML external entity (XXE) attacks. The OpenAPI `XMLTypeValidator` function allows access to external DTD and schemas, enabling remote attackers to perform XXE attacks by passing a malicious XML file

Reporter	Title	Published	Views	Family All 12
CNVD	Eclipse Vert.xXML External Entity Injection Vulnerability	12 Oct 201800:00	–	cnvd
CVE	CVE-2018-12544	10 Oct 201820:00	–	cve
Cvelist	CVE-2018-12544	10 Oct 201820:00	–	cvelist
EUVD	EUVD-2018-0664	7 Oct 202500:30	–	euvd
Github Security Blog	Moderate severity vulnerability that affects io.vertx:vertx-core	17 Oct 201816:20	–	github
NVD	CVE-2018-12544	10 Oct 201820:29	–	nvd
OSV	GHSA-QH3M-QW6V-QVHG Moderate severity vulnerability that affects io.vertx:vertx-core	17 Oct 201816:20	–	osv
Prion	Design/Logic Flaw	10 Oct 201820:29	–	prion
RedhatCVE	CVE-2018-12544	11 Oct 201813:19	–	redhatcve
RedHat Linux	Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update	18 Oct 201808:14	–	redhat

Vulners

Node

vertx-web-api-contract vertx-web-api-contractRange3.5.0–3.5.3java

Source	Link
github	www.github.com/vert-x3/vertx-web/commit/ea0b0930fbc122b7114935cafa379facc9611587
github	www.github.com/vert-x3/vertx-web/issues/1021
bugs	www.bugs.eclipse.org/bugs/show_bug.cgi
lists	www.lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
lists	www.lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2018:2946

08 Nov 2023 00:20Current

9.1High risk

Vulners AI Score9.1

CVSS 27.5

CVSS 39.8

EPSS0.00587