Lucene search
+L

42 matches found

vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.12 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +4384 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=4.0.0-milestone1 <=4.5.21)

io.vertx:vertx-web MAVEN version =4.0.0-milestone1, =0.0.86, =0.0.86, =0.0.86, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =22.9.0, =25.3.10 and more Sou...

7.5CVSS5.7AI score0.00459EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/10/22 7:38 p.m.8 views

ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +5641 more potentially affected by CVE-2025-11965 via io.vertx:vertx-web (>=3.0.0-milestone6 <=4.5.21)

io.vertx:vertx-web MAVEN version =3.0.0-milestone6, =0.0.86, =0.0.86, =0.0.86, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-python-config =0.0.2 and more Source cves: CVE-2025-11965 Source advisory:...

7.5CVSS5.7AI score0.00459EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/10/22 7:38 p.m.10 views

Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories

Description There is a flaw in the hidden file protection feature of Vert.x Web’s StaticHandler when setIncludeHiddenfalse is configured. In the current implementation, only files whose final path segment i.e., the file name begins with a dot . are treated as “hidden” and are blocked from being...

7.5CVSS6.6AI score0.00459EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 6 : vertx-web (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route CVE-2023-248...

5.3CVSS6.9AI score0.00919EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2023/12/06 10:7 p.m.43 views

Moderate: Red Hat Security Advisory: Red Hat build of Cryostat 2.4.0: new RHEL 8 container images

New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images are now available New Red Hat build of Cryostat 2.4.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.3.1 on RHEL 8 container images are advised to...

6.5CVSS6.6AI score0.02459EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2023/06/21 2:32 p.m.6 views

vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route

A flaw was found in Vert.X Web. When running the application that serves files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard , an attacker can exfiltrate any class path resource...

5.3CVSS5.8AI score0.00919EPSS
Exploits1References5
Veracode
Veracode
added 2023/02/13 2:46 a.m.23 views

Path Traversal

vertx-web is vulnerable to Path Traversal. The vulnerability exists in the pathOffset function of Utils.java When running vertx web applications that serve files using the StaticHandler on Windows Operating Systems and Windows File Systems. If the mount point is a wildcard , then an attacker can...

5.3CVSS5.7AI score0.00919EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2023/02/10 3:27 a.m.3 views

ai.timefold.solver:timefold-solver-quarkus-benchmark-deployment (>=0.8.38 <=0.9.38), ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=0.9.38) +2914 more potentially affected by CVE-2023-24815 via io.vertx:vertx-web (>=4.0.0 <=4.3.7)

io.vertx:vertx-web MAVEN version =4.0.0, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.4 and more Source cves: CVE-2023-24815 Source advisory: OSV:GHSA-53JX-VVF9-4X38https://vulners.com/osv/OSV...

5.3CVSS6.1AI score0.00919EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/02/09 5:36 p.m.7 views

CVE-2023-24815 Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard then an attacker can exfiltrate a...

4.8CVSS5.4AI score0.00919EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/09 12:0 a.m.5 views

Eclipse Vertx-web 路径遍历漏洞

Eclipse Vertx-web is an Eclipse Foundation framework for building web applications. A path traversal vulnerability exists in Eclipse Vertx-web versions prior to 4.3.8, which stems from the fact that an attacker can disclose any class path resource if the mount point is a wildcard...

5.3CVSS5.6AI score0.00919EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/02/10 8:28 p.m.8 views

ai.konduit.serving:konduit-serving-api (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-cli (>=0.0.2 <=0.3.0) +1764 more potentially affected by CVE-2019-17640 via io.vertx:vertx-web (>=3.0.0 <=3.9.3)

io.vertx:vertx-web MAVEN version =3.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =19.9.0, =22.3.2 and more Source cves: CVE-2019-17640 Source advisory: OSV:GHSA-VJW7-6GFQ-6WF5...

9.8CVSS7.2AI score0.02002EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/22 4:16 p.m.4 views

com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +13 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (=4.0.0-milestone4)

io.vertx:vertx-web MAVEN version =4.0.0-milestone4 is affected by a known vulnerability. The following packages have a transitive dependency on io.vertx:vertx-web and may be impacted: - com.chaochaogege:hotelapi =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =0.4.0 - io.vertx:vertx-health-check...

8.8CVSS7.2AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/22 4:16 p.m.6 views

com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone2 <=4.0.0-milestone4)

io.vertx:vertx-web MAVEN version =4.0.0-milestone2, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone2, =4.0.0-milestone4 and more Source...

8.8CVSS7.2AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/22 4:16 p.m.4 views

com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +13 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone3 <=4.0.0-milestone4)

io.vertx:vertx-web MAVEN version =4.0.0-milestone3, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-milestone3, =4.0.0-mileston...

8.8CVSS7.2AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/22 4:16 p.m.2 views

com.chaochaogege:hotelapi (>=0.0.1 <=0.0.2), com.chaochaogege:ujnbsapi (>=0.0.3 <=0.0.5) +14 more potentially affected by CVE-2020-35217 via io.vertx:vertx-web (>=4.0.0-milestone1 <=4.0.0-milestone4)

io.vertx:vertx-web MAVEN version =4.0.0-milestone1, =0.0.1, =0.0.3, =0.2.0, =0.2.0, =0.2.0, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone1, =4.0.0-milestone4 and more Source...

8.8CVSS7.2AI score0.0058EPSS
Exploits0
CNVD
CNVD
added 2021/01/22 12:0 a.m.6 views

Eclipse Vertx-web Cross-Site Request Forgery Vulnerability

Eclipse Vertx-web is an Eclipse Foundation framework for building Web applications . A cross-site request forgery vulnerability exists in the Vert.x-Web framework v4.0 milestone 1-4, where the source program fails to perform proper CSRF validation. Instead of comparing the CSRF token in the reque...

8.8CVSS6.4AI score0.0058EPSS
Exploits0References1
Veracode
Veracode
added 2021/01/21 8:51 a.m.19 views

Cross-Site Request Forgery (CSRF)

vertx-web is vulnerable to cross-site request forgery CSRF. The CSRF token provided by the framework is being sent as a HTTP session token and is not adequate to prevent CSRF attacks as the token is automatically included in every HTTP request...

8.8CVSS1.3AI score0.0058EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.8 views

Eclipse Vertx-web 跨站请求伪造漏洞

Eclipse Vertx-web is an Eclipse Foundation framework for building Web applications . A cross-site request forgery vulnerability exists in the Vert.x-Web framework v4.0 milestone 1-4, where the source program fails to perform proper CSRF validation. Instead of comparing the CSRF token in the reque...

8.8CVSS7.2AI score0.0058EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2018/10/17 4:20 p.m.7 views

be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +590 more potentially affected by CVE-2018-12542 via io.vertx:vertx-web (>=3.0.0 <=3.5.3.CR1)

io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12542 Source advisory: OSV:GHSA-H39X-M55C-V55H...

9.8CVSS7.3AI score0.02286EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2018/10/17 4:19 p.m.7 views

be.fluid-it.reactive-microservice.bundle:bootique-vertx (>=0.1-0 <=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (>=0.1-0 <=0.1-8) +525 more potentially affected by CVE-2018-12540 via io.vertx:vertx-web (>=3.0.0 <=3.5.2.CR3)

io.vertx:vertx-web MAVEN version =3.0.0, =0.1-0, =0.1-0, =1.2.1, =3.0.5, =1.0.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12540 Source advisory: OSV:GHSA-RVGG-F8QM-6H7J...

8.8CVSS7.2AI score0.01994EPSS
Exploits1
Rows per page
Query Builder