Vulnerability	Vulnerable Version
H Cross-site Request Forgery (CSRF) io.vertx:vertx-web is a HTTP web applications for Vert.x. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The `CSRFHandler` does not assert that the `XSRF` Cookie matches the returned `XSRF` header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. How to fix Cross-site Request Forgery (CSRF)? Upgrade `io.vertx:vertx-web` to version 3.5.3 or higher.	[3.0.0,3.5.3)
M Directory Traversal io.vertx:vertx-web is a HTTP web applications for Vert.x. Affected versions of this package are vulnerable to Directory Traversal. It does not properly neutralize `\` sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems. How to fix Directory Traversal? Upgrade io.vertx:vertx-web to version 3.5.4 or higher.	[,3.5.4)

Cross-site Request Forgery (CSRF)

io.vertx:vertx-web is a HTTP web applications for Vert.x.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade io.vertx:vertx-web to version 3.5.3 or higher.

[3.0.0,3.5.3)

Directory Traversal

io.vertx:vertx-web is a HTTP web applications for Vert.x.

Affected versions of this package are vulnerable to Directory Traversal. It does not properly neutralize \ sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.

How to fix Directory Traversal?

Upgrade io.vertx:vertx-web to version 3.5.4 or higher.

[,3.5.4)

Go back to all versions of this package