42 matches found
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4384 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=4.0.0-milestone1 <=4.5.21)
io.vertx:vertx-web MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =22.9.0, =25.3.10 and more Sou...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +5641 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=3.0.0-milestone6 <=4.5.21)
io.vertx:vertx-web MAVEN version =3.0.0-milestone6, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-python-config =0.0.2 and more Source cves: CVE-2025-11965 Source advisory:...
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories
Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHiddenfalse is configured. In the current implementation, only files whose final path segment i.e., the file name begins with a dot . are treated as “hidden” and are blocked from being...
RHEL 6 : vertx-web (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route CVE-2023-248...
Moderate: Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images
New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to...
vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route
A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard , an attacker can exfiltrate any class path resource...
Path Traversal
vertx-web is vulnerable to Path Traversal. The vulnerability exists in the pathOffset function of Utils.java When running vertx web applications that serve files using the StaticHandler on Windows Operating Systems and Windows File Systems. If the mount point is a wildcard , then an attacker can...
ai.timefold.solver:timefold-solver-quarkus-benchmark-deployment (>=0.8.38 <=0.9.38), ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=0.9.38) +2914 more potentially affected by CVE-2023-24815 via io.vertx:vertx-web (>=4.0.0 <=4.3.7)
io.vertx:vertx-web MAVEN version =4.0.0, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.4 and more Source cves: CVE-2023-24815 Source advisory: OSV:GHSA-53JX-VVF9-4X38https://vulners.com/osv/OSV...
CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...
Eclipse Vertx-web 路径遍历漏洞
Eclipse Vertx-web is an Eclipse Foundation framework for building web applications. A path traversal vulnerability exists in Eclipse Vertx-web versions prior to 4.3.8, which stems from the fact that an attacker can disclose any class path resource if the mount point is a wildcard...
ai.konduit.serving:konduit-serving-api (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-cli (>=0.0.2 <=0.3.0) +1764 more potentially affected by CVE-2019-17640 via io.vertx:vertx-web (>=3.0.0 <=3.9.3)
io.vertx:vertx-web MAVEN version =3.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =19.9.0, =22.3.2 and more Source cves: CVE-2019-17640 Source advisory: OSV:GHSA-VJW7-6GFQ-6WF5...
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +13 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone4 is affected by a known vulnerability. The following packages have a transitive dependency on io.vertx:vertx-web and may be impacted: - com.chaochaogege:hotelapi =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =0.4.0 - io.vertx:vertx-health-check...
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +13 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone3 <=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone3, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-mileston...
com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone1 <=4.0.0-milestone4)
io.vertx:vertx-web MAVEN version =4.0.0-milestone1, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone4 and more Source...
Eclipse Vertx-web Cross-Site Request Forgery Vulnerability
Eclipse Vertx-web is an Eclipse Foundation framework for building Web applications . A cross-site request forgery vulnerability exists in the Vert.x-Web framework v4.0 milestone 1-4, where the source program fails to perform proper CSRF validation. Instead of comparing the CSRF token in the reque...
Cross-Site Request Forgery (CSRF)
vertx-web is vulnerable to cross-site request forgery CSRF. The CSRF token provided by the framework is being sent as a HTTP session token and is not adequate to prevent CSRF attacks as the token is automatically included in every HTTP request...
Eclipse Vertx-web 跨站请求伪造漏洞
Eclipse Vertx-web is an Eclipse Foundation framework for building Web applications . A cross-site request forgery vulnerability exists in the Vert.x-Web framework v4.0 milestone 1-4, where the source program fails to perform proper CSRF validation. Instead of comparing the CSRF token in the reque...
be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +590 more potentially affected by CVE-2018-12542 via io.vertx:vertx-web (>=3.0.0 <=3.5.3.CR1)
io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12542 Source advisory: OSV:GHSA-H39X-M55C-V55H...
be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +525 more potentially affected by CVE-2018-12540 via io.vertx:vertx-web (>=3.0.0 <=3.5.2.CR3)
io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12540 Source advisory: OSV:GHSA-RVGG-F8QM-6H7J...