Lucene search
+L
EclipseVert.x3.0.0

4 matches found

CVE
CVE
added 2018/10/10 8:0 p.m.119 views

CVE-2018-12541

The CVE-2018-12541 vulnerability affects Eclipse Vert.x WebSocket HTTP upgrade: in versions 3.0.0–3.5.3, the upgrade path buffers the entire HTTP request (including the request body) in memory before performing the handshake. This behavior enables an attacker to potentially exhaust memory by send...

6.5CVSS6.3AI score0.02652EPSS
CVE
CVE
added 2018/08/14 7:0 p.m.105 views

CVE-2018-12537

CVE-2018-12537 affects Eclipse Vert.x core: HTTP header processing in Vert.x HttpServer and HttpClient between Vert.x 3.0 and 3.5.1 does not filter CRLF characters, enabling injection of arbitrary HTTP headers in requests/responses. The issue stems from improper CRLF neutralization. Red Hat’s adv...

5.3CVSS5AI score0.02482EPSS
CVE
CVE
added 2018/07/12 2:0 p.m.99 views

CVE-2018-12540

The CVE-2018-12540 entry refers to Eclipse Vert.x Vert.x-Web CSRFHandler: versions 3.0.0–3.5.2 do not verify that the XSRF cookie matches the returned XSRF header/form parameter, enabling replay attacks with non-expired tokens. Public sources (including Red Hat RHSA-2018:2371 and OSV/GHSA entries...

8.8CVSS8.5AI score0.01994EPSS
CVE
CVE
added 2018/10/10 8:0 p.m.83 views

CVE-2018-12542

In Eclipse Vert.x 3.0.0–3.5.3, the StaticHandler reads external input to form a pathname and fails to neutralize backslash sequences on Windows, allowing path traversal to locations outside the intended restricted directory. This CVE is documented with a high/critical impact (CVE-2018-12542) and ...

9.8CVSS9.3AI score0.02286EPSS