io.vertx:vertx-web@3.4.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.vertx:vertx-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Cross-site Request Forgery (CSRF)

io.vertx:vertx-web is a package for building HTTP web applications with Vert.x.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The CSRFHandler does not verify that the XSRF cookie matches the XSRF header or form parameter returned with the request. This allows replay attacks using previously issued tokens that have not yet expired.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade io.vertx:vertx-web to version 3.5.3 or higher.

Vulnerable versions: [3.0.0,3.5.3)
  • M
Directory Traversal

io.vertx:vertx-web is a package for building HTTP web applications with Vert.x.

Affected versions of this package are vulnerable to Directory Traversal. The package does not properly neutralize \ (backslash) sequences, which can resolve to a location outside the intended directory when running on Windows operating systems.

How to fix Directory Traversal?

Upgrade io.vertx:vertx-web to version 3.5.4 or higher.

Vulnerable versions: [,3.5.4)