CNNVD-202510-3057 Information

CNNVD ID

CNNVD-202510-3057

CVE-2025-11966

  • CNNVD Published: 2025-10-22

Description

Eclipse Vert.x is an Eclipse Foundation toolkit for building reactive applications on the JVM. Eclipse Vert.x versions 4.0.0 through 4.5.21 and 5.0.0 through 5.0.4 contain a security vulnerability: the directory listing feature does not properly escape file and directory names, which can lead to stored cross-site scripting (XSS).

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Eclipse

Published

2025-10-22

Last Modified

2026-02-24

References

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/303
