37 matches found

RedHat Linux
added 2025/12/16 11:13 p.m., 1 views

io.vertx/vertx-core: Eclipse Vert.x Access Control Flaw

A file access control flaw has been discovered in the Eclipse Foundation's Vert.x library. A StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them...

7.5 CVSS, 7 AI score, 0.00051 EPSS
Exploits 0, References 5
Veracode
added 2025/10/24 8:7 p.m., 3 views

Improper Access Control

io.vertx:vertx-web is vulnerable to Improper Access Control. The vulnerability is due to a flaw in the StaticHandler configuration that restricts access only to hidden files but not hidden directories, which allows an attacker to access sensitive files such as .git/config within hidden directorie...

7.5 CVSS, 6.5 AI score, 0.00051 EPSS
Exploits 0, References 5, Affected Software 1
EUVD
added 2025/10/22 7:38 p.m., 2 views

EUVD-2025-35593

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories...

6.3 CVSS, 6.4 AI score, 0.00051 EPSS
Exploits 0, References 3
OSV
added 2025/10/22 7:38 p.m., 2 views

GHSA-H5FG-JPGR-RV9C Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description: There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHidden(false) is configured. In the current implementation, only files whose final path segment (i.e., the file name) begins with a dot (.) are treated as “hidden” and are blocked from being...

6.3 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits 0, References 4
NVD
added 2025/10/22 3:15 p.m., 2 views

CVE-2025-11965

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config')...

7.5 CVSS, 0.00051 EPSS
Exploits 0, References 1
OSV
added 2025/10/22 3:15 p.m., 2 views

CVE-2025-11965

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config')...

7.5 CVSS, 6.7 AI score
Exploits 0, References 1
Cvelist
added 2025/10/22 2:50 p.m., 4 views

CVE-2025-11965

In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them (e.g. '.git/config')...

6.3 CVSS, 0.00051 EPSS
Exploits 0, References 1
CVE
added 2025/10/22 2:50 p.m., 7 views

CVE-2025-11965

The CVE-2025-11965 issue affects Eclipse Vert.x: versions 4.0.0–4.5.21 and 5.0.0–5.0.4 contain a misconfiguration in StaticHandler that fails to restrict access to hidden directories, enabling unauthorized access to files inside them (for example, .git/config). The available connected documents c...

7.5 CVSS, 6.4 AI score, 0.00051 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/10/22 12:0 a.m., 2 views

Eclipse Vert.x Security Vulnerability

Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4, which stems from the inability of the StaticHandler configuration to restrict access to a hidde...

7.5 CVSS, 6.3 AI score, 0.00051 EPSS
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-1208

Malicious code in bioql PyPI...

9.8 CVSS, 9.1 AI score, 0.0169 EPSS
Exploits 0, References 14
RedhatCVE
added 2025/05/22 10:2 a.m., 3 views

CVE-2019-17640

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the...

9.8 CVSS, 6.8 AI score, 0.0169 EPSS
Exploits 0, References 1
Tenable Nessus
added 2025/03/05 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-24815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files usin...

5.3 CVSS, 6.8 AI score, 0.00354 EPSS
Exploits 1, References 1
RedhatCVE
added 2023/05/23 7:11 p.m., 28 views

CVE-2023-24815

A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard, an attacker can exfiltrate any class path resource...

5.3 CVSS, 6.8 AI score, 0.00354 EPSS
Exploits 1, References 4
Veracode
added 2023/02/13 2:46 a.m., 20 views

Path Traversal

vertx-web is vulnerable to Path Traversal. The vulnerability exists in the pathOffset function of Utils.java when running vertx web applications that serve files using the StaticHandler on Windows Operating Systems and Windows File Systems. If the mount point is a wildcard, then an attacker can...

5.3 CVSS, 5.7 AI score, 0.00354 EPSS
Exploits 1, References 5, Affected Software 1
Github Security Blog
added 2023/02/10 3:27 a.m., 54 views

StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

Summary: When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate any class path resource. Details: When computing the relative path to locate the resource, in cas...

5.3 CVSS, 5.7 AI score, 0.00354 EPSS
Exploits 1, References 5, Affected Software 1
NVD
added 2023/02/09 6:15 p.m., 14 views

CVE-2023-24815

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

5.3 CVSS, 5.5 AI score, 0.00354 EPSS
Exploits 1, References 3
Prion
added 2023/02/09 6:15 p.m., 16 views

Input validation

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

5 CVSS, 5.4 AI score, 0.00354 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2023/02/09 5:36 p.m., 15 views

CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

4.8 CVSS, 5.4 AI score, 0.00354 EPSS
Exploits 1, References 3
Vulnrichment
added 2023/02/09 5:36 p.m., 6 views

CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

4.8 CVSS, 5.4 AI score, 0.00354 EPSS
Exploits 1, References 3
CVE
added 2023/02/09 5:36 p.m., 111 views

CVE-2023-24815

CVE-2023-24815 affects Eclipse Vert.x-Web, specifically the StaticHandler behavior when serving files on Windows with a wildcard mount point. The vulnerability arises in Utils.java when computing the relative path to a resource: for wildcards it returns the user input (e.g., rest) as the path seg...

5.3 CVSS, 5.3 AI score, 0.00354 EPSS
Exploits 1, References 3, Affected Software 1