Eclipse Vert X

By the Year

In 2024 there have been 0 vulnerabilities in Eclipse Vert X. Vert X did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 9.80
2019 0 0.00
2018 4 7.60

It may take a day or so for new Vert X vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Eclipse Vert X Security Vulnerabilities

CVE-2019-17640 9.8 - Critical - October 15, 2020

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory.

Directory traversal

CVE-2018-12541 6.5 - Medium - October 10, 2018

In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.

Buffer Overflow

CVE-2018-12544 9.8 - Critical - October 10, 2018

In versions from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defenses against XML attacks. This mechanism is used exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

XXE

CVE-2018-12537 5.3 - Medium - August 14, 2018

In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header into the client request or server response.

Improper Input Validation

CVE-2018-12540 8.8 - High - July 12, 2018

In versions from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which have not yet expired.

Session Riding
