Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-h39x-m55c-v55h

GitHub Security Advisory

Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.

Affected Packages

Maven io.vertx:vertx-web
Affected versions: 3.0.0 (fixed in 3.5.4)

Related CVEs

CVE-2018-12542

Key Information

GHSA ID
GHSA-h39x-m55c-v55h
Published
October 17, 2018 4:20 PM
Last Modified
April 26, 2022 9:49 PM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
io.vertx:vertx-web
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.