CVE-2018-12542
Published: Oct 10, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (backslash) sequences that can resolve to a location outside of that directory when running on Windows operating systems.
| Vendor | Product | Versions |
|---|---|---|
| The Eclipse Foundation | Eclipse Vert.x | affected 3.0 - < unspecified; affected unspecified - <= 3.5.3 |
References
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
x_refsource_MLIST
https://github.com/vert-x3/vertx-web/issues/1025
x_refsource_CONFIRM
https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171
x_refsource_CONFIRM