diff --git a/2019/17xxx/CVE-2019-17640.json b/2019/17xxx/CVE-2019-17640.json new file mode 100644 index 00000000000..ba4802fdd15 --- /dev/null +++ b/2019/17xxx/CVE-2019-17640.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2019-17640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "Eclipse Vert.x", + "version": { + "version_data": [ + { + "version_value": "3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, 4.0.0.Beta3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23: Relative Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567416", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567416" + } + ] + } +}