PT-2020-9932 · Eclipse · Eclipse Vert.X

Lhotari · Published 2020-10-15 · Updated 2022-02-10 · CVE-2019-17640

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Eclipse Vert.x versions 3.4.x through 3.9.4
Eclipse Vert.x versions 4.0.0.milestone1 through 4.0.0.Beta3

Description

The issue arises from the StaticHandler in Eclipse Vert.x not correctly processing backslashes on Windows operating systems. This allows an attacker to escape the webroot folder and reach the current working directory.

Recommendations

For Eclipse Vert.x versions 3.4.x through 3.9.4 and versions 4.0.0.milestone1 through 4.0.0.Beta3, consider disabling the StaticHandler until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
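The weakness class described above (a separator-specific traversal check that ignores Windows backslashes) can be illustrated in a small, self-contained way. The following Python is an added example written for this page; it is not Vert.x's StaticHandler code and does not claim to reproduce its internals. `naive_resolve` shows the vulnerable pattern of only splitting on `/`, and `hardened_resolve` shows the defensive version: decode, treat both separators alike, reject `..` and drive/stream syntax, and confirm containment against the webroot. The webroot `C:\srv\webroot` and all request paths are constructed sample values, and `ntpath` is used so the Windows path semantics are reproduced on any host.

```python
import ntpath
from typing import Optional
from urllib.parse import unquote

# Constructed Windows-style webroot for the example (the bug is Windows-specific).
WEBROOT = r"C:\srv\webroot"


def is_under(root: str, path: str) -> bool:
    """True when `path` is `root` itself or a descendant of it, using Windows
    path semantics (case-insensitive, backslash and slash both separators)."""
    try:
        return ntpath.commonpath([root, path]) == ntpath.normpath(root)
    except ValueError:  # different drives, or absolute/relative mix
        return False


def naive_resolve(webroot: str, request_path: str) -> Optional[str]:
    """Vulnerable pattern (illustration only, not Vert.x's code): '..' is
    only looked for between forward slashes, so a backslash-separated
    request passes the check and is resolved by the Windows path layer
    afterwards, with no containment check on the result."""
    if ".." in request_path.split("/"):
        return None
    return ntpath.normpath(ntpath.join(webroot, request_path.lstrip("/")))


def hardened_resolve(webroot: str, request_path: str) -> Optional[str]:
    """Defensive resolution. Returns the file path to serve, or None when
    the request must be refused."""
    decoded = unquote(request_path)           # %5C / %2E%2E become literal characters
    normalized = decoded.replace("\\", "/")   # backslash is a separator on Windows
    segments = [s for s in normalized.split("/") if s not in ("", ".")]
    if any(s == ".." for s in segments):      # refuse any parent-directory segment
        return None
    if any(":" in s for s in segments):       # drive letters / NTFS alternate data streams
        return None
    root = ntpath.normpath(webroot)
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    if not is_under(root, candidate):         # belt and braces: final containment check
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: a normal asset, a slash traversal, a backslash traversal.
    for req in ["css/site.css", "../../secret.txt", r"..\..\secret.txt", "..%5c..%5csecret.txt"]:
        naive = naive_resolve(WEBROOT, req)
        print(f"{req!r:28} naive -> {naive}  (inside webroot: {naive is not None and is_under(WEBROOT, naive)})")
        print(f"{'':28} hardened -> {hardened_resolve(WEBROOT, req)}")
```

Running the script shows the asymmetry that defines this bug class: the slash form is caught by both resolvers, but the backslash form sails through `naive_resolve` and resolves to `C:\secret.txt`, outside the webroot, while `hardened_resolve` refuses it. The final `is_under` check is deliberately kept even though the segment filter already rejects `..`, so that a future change to the filtering cannot silently reopen the escape.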

Weakness Enumeration

Relative Path Traversal
Path traversal

Related Identifiers

CVE-2019-17640
GHSA-VJW7-6GFQ-6WF5

Affected Products

Eclipse Vert.X