CNNVD-202510-3058 Information

CNNVD ID

CNNVD-202510-3058

Related CVE

CVE-2025-11965

• CNNVD Published: 2025-10-22

Description (Chinese)

Eclipse Vert.x是Eclipse基金会的一个应用于 JVM 上用于构建响应式应用程序的工具包。 Eclipse Vert.x 4.0.0版本至4.5.21版本和5.0.0版本至5.0.4版本存在安全漏洞，该漏洞源于StaticHandler配置无法限制对隐藏目录的访问，可能导致未经授权的用户检索隐藏目录中的文件。

Description (English)

Eclipse Vert.x is an Eclipse Foundation toolkit for JVM applications. There is a security loophole in Eclipse Vert.x 4.0.0 to 4.5.21 and 5.0.0 to 5.0.4, which stems from the fact that the Statihowler configuration cannot limit access to hidden directories and may lead unauthorized users to retrieve documents in hidden directories.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Eclipse

Published

2025-10-22

Last Modified

2026-02-24

References

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/304