159 matches found
CVE-2023-24815
CVE-2023-24815 affects Eclipse Vert.x-Web, specifically the StaticHandler behavior when serving files on Windows with a wildcard mount point. The vulnerability arises in Utils.java when computing the relative path to a resource: for wildcards it returns the user input (e.g., rest) as the path seg...
CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
Impact If you are using the Apiman Vert.x Gateway prior to Apiman 3.0.0.Final, a connection caching issue in Hazelcast could allow an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. Hazelcast is a transitive dependenc...
GHSA-Q2FJ-6H62-59M2 Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
Impact If you are using the Apiman Vert.x Gateway prior to Apiman 3.0.0.Final, a connection caching issue in Hazelcast could allow an unauthenticated, remote attacker to access and manipulate data in the cluster with another authenticated connection's identity. Hazelcast is a transitive dependenc...
Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.4 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Important: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.3.3 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.7 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.5 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Path Traversal in Eclipse Vert
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0-milestone1, 4.0.0-milestone2, 4.0.0-milestone3, 4.0.0-milestone4, 4.0.0-milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the...
Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.8 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Critical: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.5 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.2 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.0 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
JetLinks open source IoT platform suffers from weak password vulnerability
JetLinks open source Internet of Things platform based on Java8, Spring Boot 2.x, WebFlux, Netty, Vert.x, Reactor and other development , is an out-of-the-box , secondary development of enterprise-class Internet of Things infrastructure platform . JetLinks open source IoT platform has a weak...
Cross-Site Request Forgery in Vert.x-Web framework
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...
GHSA-9Q69-G5GC-9FGF Cross-Site Request Forgery in Vert.x-Web framework
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...
Moderate: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.0.3 security update
An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more...
CVE-2020-35217
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...
CVE-2020-35217
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need t...