Medium severity 5.3 · NVD Advisory · Published Aug 14, 2018 · Updated Jun 17, 2026
CVE-2018-12537
Description
In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.vertx:vertx-core (Maven) | >= 3.0.0, < 3.5.2 | 3.5.2 |
Affected products
- The Eclipse Foundation/Eclipse Vert.x · v5 · Range: 3.0
References
- access.redhat.com/errata/RHSA-2018:2371 (nvd: Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2018:3768 (nvd: Third Party Advisory, WEB)
- bugs.eclipse.org/bugs/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory, WEB)
- github.com/advisories/GHSA-6cw8-7j6c-hccp (ghsa: ADVISORY)
- github.com/eclipse/vert.x/commit/1bb6445226c39a95e7d07ce3caaf56828e8aab72 (nvd: Third Party Advisory, WEB)
- github.com/eclipse/vert.x/issues/2470 (nvd: Third Party Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2018-12537 (ghsa: ADVISORY)
- www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-021_vertx.txt (nvd: Third Party Advisory, WEB)