CVE-2018-12537 – io.vertx:vertx-core
Package
Manager: maven
Name: io.vertx:vertx-core
Vulnerable Version: >=3.0.0 <3.5.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.01089 (percentile 0.77093)
Details
Moderate severity vulnerability that affects io.vertx:vertx-core. In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.
Metadata
Created: 2018-10-19T17:43:36Z
Modified: 2020-06-16T21:18:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-6cw8-7j6c-hccp/GHSA-6cw8-7j6c-hccp.json
CWE IDs: ["CWE-93"]
Alternative ID: GHSA-6cw8-7j6c-hccp
Finding: F184
Auto approve: 1