io.vertx:vertx-web@4.0.0-milestone2 vulnerabilities

  • latest version

    4.5.11

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    1 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the io.vertx:vertx-web package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Cross-site Request Forgery (CSRF)

    io.vertx:vertx-web is a HTTP web applications for Vert.x.

    Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). Vert.x-Web framework does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.

    How to fix Cross-site Request Forgery (CSRF)?

    Upgrade io.vertx:vertx-web to version 4.0.0-milestone5 or higher.

    [4.0.0-milestone1,4.0.0-milestone5)