VYPR
Critical severityNVD Advisory· Published Oct 15, 2020· Updated Aug 5, 2024

CVE-2019-17640

CVE-2019-17640

Description

In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.vertx:vertx-webMaven
>= 3.0.0, < 3.9.43.9.4

Affected products

2
  • ghsa-coords
    Range: >= 3.0.0, < 3.9.4
  • The Eclipse Foundation/Eclipse Vert.xv5
    Range: 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, 4.0.0.Beta3

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.