CVE-2018-12541
Published: Oct 10, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
| Vendor | Product | Versions |
|---|---|---|
| The Eclipse Foundation | Eclipse Vert.x | affected 3.0 - < unspecified; affected unspecified - <= 3.5.3 |
Weaknesses (CWE)
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539170
x_refsource_CONFIRM
https://github.com/eclipse-vertx/vert.x/issues/2648
x_refsource_CONFIRM
RHSA-2018:2946
vendor-advisory
x_refsource_REDHAT
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
x_refsource_MLIST
[pulsar-commits] 20210513 [pulsar] 30/46: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541 (#10261)
mailing-list
x_refsource_MLIST