GHSA-h39x-m55c-v55h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h39x-m55c-v55h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-h39x-m55c-v55h/GHSA-h39x-m55c-v55h.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-h39x-m55c-v55h
- Aliases
- Published
- 2018-10-17T16:20:45Z
- Modified
- 2023-11-01T04:48:53.195114Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
- Details
-
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
- Database specific
{ "github_reviewed_at": "2020-06-16T21:38:32Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "nvd_published_at": null }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-12542
- https://github.com/vert-x3/vertx-web/issues/1025
- https://github.com/vert-x3/vertx-web/commit/57a65dce6f4c5aa5e3ce7288685e7f3447eb8f3b
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171
- https://github.com/advisories/GHSA-h39x-m55c-v55h
- https://github.com/vert-x3/vertx-web
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
Affected packages
Maven / io.vertx:vertx-web
Package
- Name
- io.vertx:vertx-web
- View open source insights on deps.dev
- Purl
- pkg:maven/io.vertx/vertx-web