Eclipse Vert.x 3.5.3

CPE Details

Eclipse Vert.x 3.5.3
eclipse
vert.x
3.5.3
2018-10-10
16h04 +00:00
2018-10-10
16h04 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:eclipse:vert.x:3.5.3:*:*:*:*:*:*:*

Informations

Vendor

eclipse

Product

vert.x

Version

3.5.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-17640 2020-10-15 18h30 +00:00 In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
9.8
Critique
CVE-2018-12541 2018-10-10 18h00 +00:00 In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
6.5
Moyen
CVE-2018-12542 2018-10-10 18h00 +00:00 In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
9.8
Critique
CVE-2018-12544 2018-10-10 18h00 +00:00 In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
9.8
Critique