CVE-2019-17640

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567416", "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567416", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r8383b5e7344a8b872e430ad72241b84b83e9701d275c602cfe34a941@%3Ccommits.servicecomb.apache.org%3E", "name": "https://lists.apache.org/thread.html/r8383b5e7344a8b872e430ad72241b84b83e9701d275c602cfe34a941@%3Ccommits.servicecomb.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/rfd0ebf8387cfd0b959d1e218797e709793cce51a5ea2f84d0976f47d@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210610 [GitHub] [pulsar] lhotari opened a new pull request #10889: [Security] Upgrade vertx to 3.9.8 to address CVE-2019-17640", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r8d863b148efe778ce5f8f961d0cafeda399e681d3f0656233b4c5511@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210621 [GitHub] [pulsar] lhotari merged pull request #10889: [Security] Upgrade vertx to 3.9.8 to address CVE-2019-17640", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r591f6932560c8c46cee87415afed92924a982189fea7f7c9096f8e33@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210625 [pulsar] 03/13: [Security] Upgrade vertx to 3.9.8 to address CVE-2019-17640 (#10889)", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-17640", "ASSIGNER": "security@eclipse.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2020-10-15T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.9.4", "versionStartIncluding": "3.4.0"}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:milestone1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:milestone2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:milestone3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:milestone4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:vert.x:4.0.0:milestone5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-08-06T18:14Z"}