io.quarkus:quarkus-vertx-http 2.13.7.Final

Direct Vulnerabilities

Known vulnerabilities in the io.quarkus:quarkus-vertx-http package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Output Neutralization for Logs io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTTP access logs with long pattern when the logging format is set to a verbose, user-supplied pattern. An attacker can obtain sensitive information like Authorization, Cookie by reading the log files. How to fix Improper Output Neutralization for Logs? Upgrade `io.quarkus:quarkus-vertx-http` to version 3.27.2, 3.29.1 or higher.	[,3.27.2)[3.28.0.CR1,3.29.1)
H Access Restriction Bypass io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications. Affected versions of this package are vulnerable to Access Restriction Bypass when using HTTP security path-based rules to protect HTTP endpoints. This issue allows unauthorized access to secured paths—such as `/a/protected/path` simply by adding an extra slash, like so: `/a/protected//path`. How to fix Access Restriction Bypass? Upgrade `io.quarkus:quarkus-vertx-http` to version 2.16.11.Final, 3.2.6.Final, 3.3.3 or higher.	[,2.16.11.Final)[3.2.0,3.2.6.Final)[3.3.0,3.3.3)
M Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications. Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') such that the TLS protocol configured with `quarkus.http.ssl.protocols` is not enforced, and the client can force the selection of the weaker supported TLS protocol. How to fix Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')? Upgrade `io.quarkus:quarkus-vertx-http` to version 2.16.8.Final, 3.2.1.Final or higher.	[,2.16.8.Final)[3.0.0.Alpha1,3.2.1.Final)

Vulnerability

Vulnerable Version

Improper Output Neutralization for Logs

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the HTTP access logs with long pattern when the logging format is set to a verbose, user-supplied pattern. An attacker can obtain sensitive information like Authorization, Cookie by reading the log files.

How to fix Improper Output Neutralization for Logs?

Upgrade io.quarkus:quarkus-vertx-http to version 3.27.2, 3.29.1 or higher.

[,3.27.2)[3.28.0.CR1,3.29.1)

Access Restriction Bypass

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Access Restriction Bypass when using HTTP security path-based rules to protect HTTP endpoints. This issue allows unauthorized access to secured paths—such as /a/protected/path simply by adding an extra slash, like so: /a/protected//path.

How to fix Access Restriction Bypass?

Upgrade io.quarkus:quarkus-vertx-http to version 2.16.11.Final, 3.2.6.Final, 3.3.3 or higher.

[,2.16.11.Final)[3.2.0,3.2.6.Final)[3.3.0,3.3.3)

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') such that the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

How to fix Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')?

Upgrade io.quarkus:quarkus-vertx-http to version 2.16.8.Final, 3.2.1.Final or higher.

[,2.16.8.Final)[3.0.0.Alpha1,3.2.1.Final)

io.quarkus:quarkus-vertx-http@2.13.7.Final

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically