7 matches found
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1.SP1 security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +287 more potentially affected by CVE-2025-11966 via io.vertx:vertx-web (>=5.0.0 <=5.0.4)
io.vertx:vertx-web MAVEN version =5.0.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11966 Source advisory: OSV:GHSA-45P5-V273-3QQR...
ai.tock:bot-test (>=25.9.0 <=26.3.2), ai.tock:bot-test-base (>=25.9.0 <=26.3.2) +287 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=5.0.0 <=5.0.4)
io.vertx:vertx-web MAVEN version =5.0.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-11965 Source advisory: OSV:GHSA-H5FG-JPGR-RV9C...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +5641 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=3.0.0-milestone6 <=4.5.21)
io.vertx:vertx-web MAVEN version =3.0.0-milestone6, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-python-config =0.0.2 and more Source cves: CVE-2025-11965 Source advisory:...
ai.konduit.serving:konduit-serving-api (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-cli (>=0.0.2 <=0.3.0) +1764 more potentially affected by CVE-2019-17640 via io.vertx:vertx-web (>=3.0.0 <=3.9.3)
io.vertx:vertx-web MAVEN version =3.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =19.9.0, =22.3.2 and more Source cves: CVE-2019-17640 Source advisory: OSV:GHSA-VJW7-6GFQ-6WF5...
be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +525 more potentially affected by CVE-2018-12540 via io.vertx:vertx-web (>=3.0.0 <=3.5.2.CR3)
io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12540 Source advisory: OSV:GHSA-RVGG-F8QM-6H7J...
Replay Attacks
vertx-web is vulnerable to replay attacks. The application does not validate CSRF Tokens with the returned CSRF header/form parameter, allowing a malicious user to conduct a replay attack with previously issued tokens...