io.vertx:vertx-core@3.5.3 vulnerabilities
-
latest version
4.5.7
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
a month ago
-
licenses detected
- (Apache-2.0 OR EPL-1.0)[3.0.0-milestone2,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the io.vertx:vertx-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Directory Traversal. StaticHandler doesn't correctly processes backslashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory. How to fix Directory Traversal? Upgrade |
[3.4.0,3.9.4)
|
io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Denial of Service (DoS). The WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory without a limit which could lead to memory exhaustion. How to fix Denial of Service (DoS)? Upgrade io.vertx:vertx-core to version 3.5.4 or higher. |
[,3.5.4)
|