CVE-2018-12542

Name of the Vulnerable Software and Affected Versions Eclipse Vert.x versions 3.0.0 through 3.5.3

Description The StaticHandler in Eclipse Vert.x uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '' (backslashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.

Recommendations For Eclipse Vert.x versions 3.0.0 through 3.5.3, consider updating to a version where this issue is resolved, as the current version does not properly handle pathname construction based on external input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.