Lucene search
K

159 matches found

CVE
CVE
added 2023/02/09 5:36 p.m.127 views

CVE-2023-24815

CVE-2023-24815 affects Eclipse Vert.x-Web, specifically the StaticHandler behavior when serving files on Windows with a wildcard mount point. The vulnerability arises in Utils.java when computing the relative path to a resource: for wildcards it returns the user input (e.g., rest) as the path seg...

5.3CVSS5.3AI score0.00919EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/02/09 5:36 p.m.34 views

CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

4.8CVSS5.2AI score0.00919EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/12/30 10:13 p.m.29 views

Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue

Impact If you are using the Apiman Vert.x Gateway prior to Apiman 3.0.0.Final, a connection caching issue in Hazelcast could allow an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. Hazelcast is a transitive dependenc...

9.1CVSS0.4AI score0.01021EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/12/30 10:13 p.m.36 views

GHSA-Q2FJ-6H62-59M2 Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue

Impact If you are using the Apiman Vert.x Gateway prior to Apiman 3.0.0.Final, a connection caching issue in Hazelcast could allow an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. Hazelcast is a transitive dependenc...

8.1CVSS9.1AI score0.01021EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/15 12:39 p.m.52 views

Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.4 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

9.8CVSS7.2AI score0.99615EPSS
Exploits11References6
RedHat Linux
RedHat Linux
added 2022/10/05 2:50 p.m.46 views

Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.3 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5CVSS6.7AI score0.02191EPSS
Exploits4References9
RedHat Linux
RedHat Linux
added 2022/06/23 10:41 a.m.69 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.7 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.7CVSS7AI score0.1158EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/03/31 11:14 a.m.39 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.5 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

5.9CVSS6.8AI score0.0582EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/02/10 8:28 p.m.47 views

Path Traversal in Eclipse Vert

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0-milestone1, 4.0.0-milestone2, 4.0.0-milestone3, 4.0.0-milestone4, 4.0.0-milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the...

9.8CVSS2.8AI score0.02002EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 2022/01/20 12:12 p.m.105 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.8 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

10CVSS7.7AI score0.99999EPSS
Exploits358References6
RedHat Linux
RedHat Linux
added 2021/12/14 4:0 p.m.214 views

Critical: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

10CVSS7.4AI score0.99999EPSS
Exploits352References5
RedHat Linux
RedHat Linux
added 2021/11/10 4:40 p.m.51 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.5 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5CVSS6.8AI score0.0628EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/08/18 4:56 p.m.53 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.2 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

7.5CVSS6.8AI score0.03074EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/07/07 6:29 a.m.103 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.0 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

5.9CVSS6.7AI score0.10608EPSS
Exploits1References5
CNVD
CNVD
added 2021/06/29 12:0 a.m.17 views

JetLinks open source IoT platform suffers from weak password vulnerability

JetLinks open source Internet of Things platform based on Java8, Spring Boot 2.x, WebFlux, Netty, Vert.x, Reactor and other development , is an out-of-the-box , secondary development of enterprise-class Internet of Things infrastructure platform . JetLinks open source IoT platform has a weak...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/22 4:16 p.m.79 views

Cross-Site Request Forgery in Vert.x-Web framework

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...

8.8CVSS8.3AI score0.0058EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/04/22 4:16 p.m.62 views

GHSA-9Q69-G5GC-9FGF Cross-Site Request Forgery in Vert.x-Web framework

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...

8.8CVSS8.5AI score0.0058EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/03/31 9:38 a.m.99 views

Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.0.3 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...

6.2CVSS6.6AI score0.18891EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2021/02/04 4:22 p.m.41 views

CVE-2020-35217

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...

8.8CVSS2.5AI score0.0058EPSS
Exploits0References4
NVD
NVD
added 2021/01/20 1:15 p.m.11 views

CVE-2020-35217

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...

8.8CVSS8.6AI score0.0058EPSS
Exploits0References1
Rows per page
Query Builder