Description
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
Remediation
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=567416
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r8383b5e7344a8b872e430ad72241b84b83e9701d275c602cfe34a941%40%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/rfd0ebf8387cfd0b959d1e218797e709793cce51a5ea2f84d0976f47d%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r8d863b148efe778ce5f8f961d0cafeda399e681d3f0656233b4c5511%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r591f6932560c8c46cee87415afed92924a982189fea7f7c9096f8e33%40%3Ccommits.pulsar.apache.org%3E
Related Vulnerabilities
CVE-2015-1796 Vulnerability in maven package org.opensaml:opensaml
CVE-2022-39248 Vulnerability in maven package org.matrix.android:matrix-android-sdk2
CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-25767 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials
CVE-2016-6637 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login