Lucene search
Veracode Vulnerability DatabaseVERACODE:7619HistoryOct 19, 2018 - 2:21 a.m.
XML External Entity (XXE)
2018-10-1902:21:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.004 Low
EPSS
Percentile
74.6%
vertx-web-api-contract is vulnerable to XML external entity (XXE) attacks. The OpenAPI XMLTypeValidator function allows access to external Document Type Definition (DTD) and schemas, which would allow a remote attacker to perform XXE attacks by passing a malicious XML file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vertx-web-api-contract | le | 3.5.3 |
References
access.redhat.com/errata/RHSA-2018:2946
bugs.eclipse.org/bugs/show_bug.cgi?id=539568
github.com/vert-x3/vertx-web/commit/ea0b0930fbc122b7114935cafa379facc9611587
github.com/vert-x3/vertx-web/issues/1021
lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
Related
redhatcve
redhatcve
CVE-2018-12544
2018-10-11 13:19:59
cvelist
cvelist
CVE-2018-12544
2018-10-10 20:00:00
github
github
Moderate severity vulnerability that affects io.vertx:vertx-core
2018-10-17 16:20:32
osv
osv
Moderate severity vulnerability that affects io.vertx:vertx-core
2018-10-17 16:20:32
CVE-2018-12544
2018-10-10 20:29:00
nvd
nvd
CVE-2018-12544
2018-10-10 20:29:00
prion
prion
Design/Logic Flaw
2018-10-10 20:29:00
cve
cve
CVE-2018-12544
2018-10-10 20:29:00
redhat
redhat