CVE-2019-17640
- Source
- https://cve.org/CVERecord?id=CVE-2019-17640
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17640.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-17640
- Aliases
- Published
- 2020-10-15T21:15:11.427Z
- Modified
- 2026-04-10T04:16:32.681411Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
- References
-
- https://lists.apache.org/thread.html/r591f6932560c8c46cee87415afed92924a982189fea7f7c9096f8e33%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r8383b5e7344a8b872e430ad72241b84b83e9701d275c602cfe34a941%40%3Ccommits.servicecomb.apache.org%3E
- https://lists.apache.org/thread.html/r8d863b148efe778ce5f8f961d0cafeda399e681d3f0656233b4c5511%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rfd0ebf8387cfd0b959d1e218797e709793cce51a5ea2f84d0976f47d%40%3Ccommits.pulsar.apache.org%3E
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=567416
Affected packages
Git / github.com/vert-x3/vertx-web
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vert-x3/vertx-web
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "3.4.0" }, { "last_affected": "3.9.4" }, { "introduced": "0" }, { "last_affected": "4.0.0-beta1" }, { "introduced": "0" }, { "last_affected": "4.0.0-beta2" }, { "introduced": "0" }, { "last_affected": "4.0.0-beta3" }, { "introduced": "0" }, { "last_affected": "4.0.0-milestone1" }, { "introduced": "0" }, { "last_affected": "4.0.0-milestone2" }, { "introduced": "0" }, { "last_affected": "4.0.0-milestone3" }, { "introduced": "0" }, { "last_affected": "4.0.0-milestone4" }, { "introduced": "0" }, { "last_affected": "4.0.0-milestone5" } ] }
Affected versions
3.*
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.6.0
3.6.0.CR1
3.6.0.CR2
3.6.1
3.6.2
3.6.3
3.7.0
3.7.1
3.8.0
3.8.1
3.8.2
3.8.3
3.8.3-01
3.8.4
3.8.5
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
4.*
4.0.0-milestone1
4.0.0-milestone2
4.0.0-milestone3
4.0.0-milestone4
4.0.0-milestone5
4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.CR1
4.0.0.CR2