io.vertx:vertx-web@3.5.3.CR1 vulnerabilities

  • latest version

    4.5.11

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    1 month ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the io.vertx:vertx-web package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Cross-site Request Forgery (CSRF)

    io.vertx:vertx-web is a library for building HTTP web applications with Vert.x.

    Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The CSRFHandler does not assert that the XSRF cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens that have not yet expired.

    How to fix Cross-site Request Forgery (CSRF)?

    Upgrade io.vertx:vertx-web to version 3.5.3 or higher.

    [3.0.0,3.5.3)
    • M
    Directory Traversal

    io.vertx:vertx-web is a library for building HTTP web applications with Vert.x.

    Affected versions of this package are vulnerable to Directory Traversal. The package does not properly neutralize \ (backslash) sequences, which can resolve to a location outside the intended directory when running on Windows operating systems.

    How to fix Directory Traversal?

    Upgrade io.vertx:vertx-web to version 3.5.4 or higher.

    [,3.5.4)