Eclipse Vert.x-Web 4.0.0 Milestone 1
Approved changes feed: RSS · Atom
cpe:2.3:a:eclipse:vert.x-web:4.0.0:milestone1:*:*:*:*:*:*
part: a version: 4.0.0 update: milestone1
| Vendor | Eclipse (fa988180-604e-5c1f-93ea-65b5297000fc) |
|---|---|
| Product | Vert.X Web (e5f51a0e-511f-55d9-ac38-7784bf48e2a4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/vert-x3/vertx-web |
purl2cpe | 2026-06-01 10:15:03.176691 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-35217 |
vulnerable | 2026-06-03 14:42:31.708187 |
Details available
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
Published: 2021-01-20T12:28:44.000Z
Updated: 2024-08-04T17:02:06.925Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.