3 matches found
CVE-2026-15076
In versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, the WebClientSession component of Eclipse Vert.x Web Client does not validate that the Domain attribute of a Set-Cookie response header matches the originating server's domain, in violation of RFC 6265 section 5.3. An attacke...
Eclipse Vertx-web 路径遍历漏洞
Eclipse Vertx-web is an Eclipse Foundation framework for building web applications. A path traversal vulnerability exists in Eclipse Vertx-web versions prior to 4.3.8, which stems from the fact that an attacker can disclose any class path resource if the mount point is a wildcard...
Eclipse Vertx-web Cross-Site Request Forgery Vulnerability
Eclipse Vertx-web is an Eclipse Foundation framework for building Web applications . A cross-site request forgery vulnerability exists in the Vert.x-Web framework v4.0 milestone 1-4, where the source program fails to perform proper CSRF validation. Instead of comparing the CSRF token in the reque...