{"id":"GHSA-h39x-m55c-v55h","summary":"Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location","details":"In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.","aliases":["CVE-2018-12542"],"modified":"2023-11-08T03:59:50.042130Z","published":"2018-10-17T16:20:45Z","database_specific":{"nvd_published_at":null,"severity":"CRITICAL","cwe_ids":["CWE-22"],"github_reviewed":true,"github_reviewed_at":"2020-06-16T21:38:32Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12542"},{"type":"WEB","url":"https://github.com/vert-x3/vertx-web/issues/1025"},{"type":"WEB","url":"https://github.com/vert-x3/vertx-web/commit/57a65dce6f4c5aa5e3ce7288685e7f3447eb8f3b"},{"type":"WEB","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=539171"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-h39x-m55c-v55h"},{"type":"PACKAGE","url":"https://github.com/vert-x3/vertx-web"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"}],"affected":[{"package":{"name":"io.vertx:vertx-web","ecosystem":"Maven","purl":"pkg:maven/io.vertx/vertx-web"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.0.0"},{"fixed":"3.5.4"}]}],"versions":["3.0.0","3.1.0","3.2.0","3.2.1","3.3.0","3.3.0.CR1","3.3.0.CR2","3.3.1","3.3.2","3.3.3","3.4.0","3.4.0.Beta1","3.4.1","3.4.2","3.5.0","3.5.0.Beta1","3.5.1","3.5.2","3.5.2.CR1","3.5.2.CR2","3.5.2.CR3","3.5.3","3.5.3.CR1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-h39x-m55c-v55h/GHSA-h39x-m55c-v55h.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}