RSS   Vulnerabilities for 'Vert.x'   RSS

2018-10-10
 
CVE-2018-12544

CWE-611
 

 
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.

 
 
CVE-2018-12542

CWE-22
 

 
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.

 
 
CVE-2018-12541

CWE-119
 

 
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.

 
2018-08-14
 
CVE-2018-12537

CWE-20
 

 
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.

 

 >>> Vendor: Eclipse 11 Products
Eclipse ide
BIRT
Jetty
Tinydtls
KURA
IDE
Mosquitto
Mojarra
Vert.x
Openj9
Rdf4j


Copyright 2019, cxsecurity.com

 

Back to Top