Homepage

io.vertx:vertx-core@3.0.0-milestone3 vulnerabilities

  • latest version

    5.0.5

  • latest non vulnerable version

    5.0.5

  • first published

    12 years ago

  • latest version published

    21 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the io.vertx:vertx-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Denial of Service (DoS)

    io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM.

    Affected versions of this package are vulnerable to Denial of Service (DoS). The WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory without a limit which could lead to memory exhaustion.

    How to fix Denial of Service (DoS)?

    Upgrade io.vertx:vertx-core to version 3.5.4 or higher.

    [,3.5.4)
    • M
    HTTP Header Injection

    io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM.

    Affected versions of this package are vulnerable to HTTP Header Injection. The HttpServer response headers and HttpClient request headers do not check wether header name or value contain \r or \n chars. This allow unfiltered values to inject a new header in the client request or server response.

    How to fix HTTP Header Injection?

    Upgrade io.vertx:vertx-core to version 3.5.2 or higher.

    [,3.5.2)
    Go back to all versions of this package