CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24815 – Disclosure of classpath resources on Windows when mounted on a wildcard route in vertx-web
https://notcve.org/view.php?id=CVE-2023-24815
09 Feb 2023 — Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segm... • https://github.com/vert-x3/vertx-web/blob/62c0d66fa1c179ae6a4d57344631679a2b97e60f/vertx-web/src/main/java/io/vertx/ext/web/impl/Utils.java#L83 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-35217
https://notcve.org/view.php?id=CVE-2020-35217
20 Jan 2021 — Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack. El f... • https://github.com/vert-x3/vertx-web/pull/1613 • CWE-352: Cross-Site Request Forgery (CSRF) •