Eclipse Vert.X
Approved changes feed: RSS · Atom
cpe:2.3:a:the_eclipse_foundation:eclipse_vert.x:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | The Eclipse Foundation (bb2d55d2-5306-5bc8-beb2-981f5d5392e4) |
|---|---|
| Product | Eclipse Vert.X (5a89916f-4a96-50df-8e9b-e81ae84723e1) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-17640 |
vulnerable | 2026-06-03 14:39:56.704132 |
Details available
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
Published: 2020-10-15T20:30:15.000Z
Updated: 2024-08-05T01:47:13.749Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12544 |
vulnerable | 2026-06-03 14:38:04.481233 |
Details available
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
Published: 2018-10-10T20:00:00.000Z
Updated: 2024-08-05T08:38:06.199Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12542 |
vulnerable | 2026-06-03 14:38:04.478088 |
Details available
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
Published: 2018-10-10T20:00:00.000Z
Updated: 2024-08-05T08:38:06.140Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12541 |
vulnerable | 2026-06-03 14:38:04.477719 |
Details available
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
Published: 2018-10-10T20:00:00.000Z
Updated: 2024-08-05T08:38:06.089Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12540 |
vulnerable | 2026-06-03 14:38:04.477072 |
Details available
In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
Published: 2018-07-12T14:00:00.000Z
Updated: 2024-08-05T08:38:05.970Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-12537 |
vulnerable | 2026-06-03 14:38:04.466674 |
Details available
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
Published: 2018-08-14T19:00:00.000Z
Updated: 2024-08-05T08:38:06.072Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.