CVE-2018-12537

Vendor: The Eclipse Foundation
Product: Eclipse Vert.x
Weakness: CWE-93 · CRLF injection
Published: August 14, 2018
Last update: August 5, 2024

What the vulnerability does

01 Description

In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.
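
The effect described above, and the check that prevents it, as an added example that is not Vert.x code: the serializer is a simplified stand-in for HTTP/1.1 header framing, and the class name, method names and sample value are assumptions constructed for illustration. It needs Java 11 or later for `String.lines()`.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration; not Vert.x code. All names here are hypothetical.
public class HeaderCrlfDemo {

    // Simplified HTTP/1.1 framing: one "Name: value\r\n" line per header entry.
    static String serialize(Map<String, String> headers) {
        StringBuilder sb = new StringBuilder("HTTP/1.1 200 OK\r\n");
        headers.forEach((k, v) -> sb.append(k).append(": ").append(v).append("\r\n"));
        return sb.append("\r\n").toString();
    }

    // Reject any CR or LF in a header value before it reaches the serializer.
    static String checkedValue(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n') {
                throw new IllegalArgumentException("illegal character 0x"
                    + Integer.toHexString(c) + " in header value at index " + i);
            }
        }
        return value;
    }

    // Count header lines the way a downstream parser would see them.
    static long headerLines(String message) {
        String head = message.substring(0, message.indexOf("\r\n\r\n"));
        return head.lines().skip(1).count(); // skip the status line
    }

    public static void main(String[] args) {
        // Constructed sample: a header value taken from untrusted input.
        String untrusted = "en\r\nX-Injected: constructed";

        // Unfiltered: the application sets one header, the wire carries two.
        Map<String, String> unfiltered = new LinkedHashMap<>();
        unfiltered.put("Content-Language", untrusted);
        System.out.println("unfiltered: 1 header set, parser sees "
            + headerLines(serialize(unfiltered)));

        // Filtered: the value is rejected before it is stored.
        try {
            new LinkedHashMap<String, String>()
                .put("Content-Language", checkedValue(untrusted));
        } catch (IllegalArgumentException e) {
            System.out.println("filtered: rejected, " + e.getMessage());
        }
    }
}
```

Rejecting the value outright, rather than stripping the characters, surfaces the bad input to the caller and to logs instead of silently forwarding an altered header.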

Key dates

02 Disclosure timeline

August 14, 2018: CVE published
August 5, 2024: Record updated
