An XML External Entity vulnerability was found in vertx-web before 3.5.4. The function isValid didn't provide any XXE protection when parsing an XML document.

Upstream issue:
https://github.com/vert-x3/vertx-web/issues/1021

References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568

Upstream patches:
https://github.com/vert-x3/vertx-web/pull/1022/commits/d814d22ade14bafec47c4447a4ba9bff090f05e8
https://github.com/vert-x3/vertx-web/pull/1022/commits/26db16c7b32e655b489d1a71605f9a785f788e41

This issue has been addressed in the following products:

  Red Hat Openshift Application Runtimes (text-only advisories)

Via RHSA-2018:2946 https://access.redhat.com/errata/RHSA-2018:2946