Vert.x Security Vulnerabilities and Issues — Vert.x CVE List

Lucene search

EclipseVert.x

3 matches found

CVE•added 2018/10/10 8:29 p.m.•91 views

CVE-2018-12541

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the ...

6.5CVSS6.3AI score0.01315EPSS

CVE•added 2018/10/10 8:29 p.m.•69 views

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

9.8CVSS9.3AI score0.00643EPSS

CVE•added 2018/10/10 8:29 p.m.•66 views

CVE-2018-12542

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '' (forward slashes) sequences that can resolve to a location that is outside of that directory when runn...

9.8CVSS9.3AI score0.00962EPSS