io.vertx:vertx-core@4.5.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.vertx:vertx-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • [H] Resource Exhaustion

io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM.

Affected versions of this package are vulnerable to Resource Exhaustion due to erroneous caching in the server name map, for TCP servers configured with TLS and SNI support. This allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.

Note: This affects only TLS servers with SNI enabled.

How to fix Resource Exhaustion?

Upgrade io.vertx:vertx-core to version 4.4.8, 4.5.3 or higher.

Vulnerable versions: [4.3.4,4.4.8) [4.5.0,4.5.3)
  • [H] Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper management of Netty FastThreadLocal data structures. An attacker can cause a denial of service by triggering a memory leak.

How to fix Denial of Service (DoS)?

Upgrade io.vertx:vertx-core to version 4.4.7, 4.5.2 or higher.

Vulnerable versions: [4.4.5,4.4.7) [4.5.0,4.5.2)