I am requesting a CVE; the details will be provided later as a comment.
Assigned CVE ID CVE-2018-12541
Here is the CVE info:

- versions: 3.0.0, 3.1.0, 3.2.0, 3.2.1, 3.3.0.CR1, 3.3.0.CR2, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0.Beta1, 3.4.0, 3.4.1, 3.4.2, 3.5.0.Beta1, 3.5.0, 3.5.1, 3.5.2.CR1, 3.5.2.CR2, 3.5.2.CR3, 3.5.2, 3.5.3
- description: The WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
- CWE category: https://cwe.mitre.org/data/definitions/789.html

This has been fixed in the 3.5.4 release; here is the corresponding project issue: https://github.com/eclipse-vertx/vert.x/issues/2648
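The limit described in the report, sketched as an added example in plain Java; this is not Vert.x code and not the 3.5.4 fix. The class, method names and the 0 / 413 return convention are hypothetical; only the 8192-byte limit and the 413 status come from the description above.

```java
import java.io.ByteArrayOutputStream;

// Added illustration (hypothetical names): caps the request body that is
// buffered while an HTTP request is being upgraded to a WebSocket.
public class BoundedUpgradeBody {
    static final int MAX_BODY_BYTES = 8192;           // limit named in the CVE description
    static final int STATUS_PAYLOAD_TOO_LARGE = 413;  // status named in the CVE description
    static final int CONTINUE_READING = 0;            // assumption: 0 means "keep going"

    private ByteArrayOutputStream buffered = new ByteArrayOutputStream();
    private boolean rejected;

    /** Checks a declared Content-Length before any body byte is read (-1 = none declared). */
    public int onHeaders(long declaredLength) {
        if (declaredLength > MAX_BODY_BYTES) {
            rejected = true;
            return STATUS_PAYLOAD_TOO_LARGE;
        }
        return CONTINUE_READING;
    }

    /** Called once per body chunk; also covers bodies sent without a declared length. */
    public int onChunk(byte[] chunk) {
        if (rejected) {
            return STATUS_PAYLOAD_TOO_LARGE;
        }
        // Compare before copying, so the chunk that crosses the limit is never retained.
        if ((long) buffered.size() + chunk.length > MAX_BODY_BYTES) {
            rejected = true;
            buffered = new ByteArrayOutputStream();   // drop the reference to bytes held so far
            return STATUS_PAYLOAD_TOO_LARGE;          // caller replies 413 and closes the connection
        }
        buffered.write(chunk, 0, chunk.length);
        return CONTINUE_READING;
    }

    public int bufferedBytes() {
        return buffered.size();
    }

    public static void main(String[] args) {
        // Constructed input: three 4096-byte chunks with no declared length.
        BoundedUpgradeBody body = new BoundedUpgradeBody();
        System.out.println("headers -> " + body.onHeaders(-1));
        for (int i = 1; i <= 3; i++) {
            int status = body.onChunk(new byte[4096]);
            System.out.println("chunk " + i + " -> " + status + ", buffered=" + body.bufferedBytes());
        }
        // Constructed input: a request declaring a body far above the limit.
        System.out.println("declared 1 GiB -> " + new BoundedUpgradeBody().onHeaders(1L << 30));
    }
}
```

Checking only the declared length is not enough, because a chunked body declares none; the per-chunk count is what bounds memory in that case.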