Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.undertow/undertow-core@1.3.0

Type maven

Namespace io.undertow

Name undertow-core

Version 1.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.20.Final

Latest_non_vulnerable_version 2.4.0.Beta1

Affected_by_vulnerabilities

url VCID-2e2u-nvuu-kfbs

vulnerability_id VCID-2e2u-nvuu-kfbs

summary

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

references

reference_url	https://access.redhat.com/errata/RHSA-2017:3454
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3454

reference_url	https://access.redhat.com/errata/RHSA-2017:3455
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3455

reference_url	https://access.redhat.com/errata/RHSA-2017:3456
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3456

reference_url	https://access.redhat.com/errata/RHSA-2017:3458
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:3458

reference_url	https://access.redhat.com/errata/RHSA-2018:0002
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0002

reference_url	https://access.redhat.com/errata/RHSA-2018:0003
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0003

reference_url	https://access.redhat.com/errata/RHSA-2018:0004
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0004

reference_url	https://access.redhat.com/errata/RHSA-2018:0005
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:0005

reference_url	https://access.redhat.com/errata/RHSA-2018:1322
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:1322

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7559

reference_id

reference_type

scores

value	0.01128
scoring_system	epss
scoring_elements	0.78326
published_at	2026-04-21T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78329
published_at	2026-04-18T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78293
published_at	2026-04-08T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78254
published_at	2026-04-02T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78285
published_at	2026-04-04T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78267
published_at	2026-04-07T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78299
published_at	2026-04-09T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78331
published_at	2026-04-16T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78302
published_at	2026-04-13T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78246
published_at	2026-04-01T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78307
published_at	2026-04-12T12:55:00Z

value	0.01128
scoring_system	epss
scoring_elements	0.78324
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7559

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559

reference_url

https://github.com/undertow-io/undertow

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/undertow-io/undertow

reference_url

https://issues.jboss.org/browse/UNDERTOW-1251

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/UNDERTOW-1251

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1481665
reference_id	1481665
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1481665

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
reference_id	885576
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow::::::::
reference_id	cpe:2.3:a:redhat:undertow::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.0.0:alpha1::::::
reference_id	cpe:2.3:a:redhat:undertow:2.0.0:alpha1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow:2.0.0:alpha1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7559

reference_id

CVE-2017-7559

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7559

reference_url

https://github.com/advisories/GHSA-rj76-h87p-r3wf

reference_id

GHSA-rj76-h87p-r3wf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rj76-h87p-r3wf

fixed_packages

url pkg:maven/io.undertow/undertow-core@1.3.31.Final

purl pkg:maven/io.undertow/undertow-core@1.3.31.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14ff-vn3t-vyhy

vulnerability	VCID-1vrj-chs2-d3ab

vulnerability	VCID-1w4t-um5v-jkfv

vulnerability	VCID-2cv5-9v62-kfbm

vulnerability	VCID-2ez8-r9wv-53du

vulnerability	VCID-5585-a76n-zubf

vulnerability	VCID-62gn-nwup-8uat

vulnerability	VCID-73st-24ck-uydb

vulnerability	VCID-7ec2-9kmy-77eh

vulnerability	VCID-7yc7-e35f-8uhj

vulnerability	VCID-93ut-2de3-ckc5

vulnerability	VCID-bhrz-ea7j-k3bh

vulnerability	VCID-bm42-byxp-2kb5

vulnerability	VCID-bpuw-kn4r-6kau

vulnerability	VCID-cf5j-2dz8-7bbu

vulnerability	VCID-dvxb-wu3m-xuaz

vulnerability	VCID-gsr8-1dea-effx

vulnerability	VCID-k6c9-mckm-cyhy

vulnerability	VCID-ns3p-22xg-q3bz

vulnerability	VCID-p9y4-yce4-zqbk

vulnerability	VCID-rqvc-k1jm-9kg9

vulnerability	VCID-scjb-1mwk-rfdd

vulnerability	VCID-sxup-wzjc-tue1

vulnerability	VCID-urxh-sp91-kuet

vulnerability	VCID-usz2-tufg-k7gz

vulnerability	VCID-xftw-raz7-b7e1

vulnerability	VCID-xme8-usmd-vqg3

vulnerability	VCID-yn69-8upm-7yc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final

url pkg:maven/io.undertow/undertow-core@1.4.17.Final

purl pkg:maven/io.undertow/undertow-core@1.4.17.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14ff-vn3t-vyhy

vulnerability	VCID-1vrj-chs2-d3ab

vulnerability	VCID-1w4t-um5v-jkfv

vulnerability	VCID-2cv5-9v62-kfbm

vulnerability	VCID-2ez8-r9wv-53du

vulnerability	VCID-5585-a76n-zubf

vulnerability	VCID-62gn-nwup-8uat

vulnerability	VCID-73st-24ck-uydb

vulnerability	VCID-77xn-dtdn-hfa2

vulnerability	VCID-7ec2-9kmy-77eh

vulnerability	VCID-7yc7-e35f-8uhj

vulnerability	VCID-93ut-2de3-ckc5

vulnerability	VCID-bhrz-ea7j-k3bh

vulnerability	VCID-bm42-byxp-2kb5

vulnerability	VCID-bpuw-kn4r-6kau

vulnerability	VCID-cf5j-2dz8-7bbu

vulnerability	VCID-dvxb-wu3m-xuaz

vulnerability	VCID-gsr8-1dea-effx

vulnerability	VCID-k6c9-mckm-cyhy

vulnerability	VCID-ns3p-22xg-q3bz

vulnerability	VCID-p9y4-yce4-zqbk

vulnerability	VCID-rqvc-k1jm-9kg9

vulnerability	VCID-scjb-1mwk-rfdd

vulnerability	VCID-sxup-wzjc-tue1

vulnerability	VCID-urxh-sp91-kuet

vulnerability	VCID-usz2-tufg-k7gz

vulnerability	VCID-xftw-raz7-b7e1

vulnerability	VCID-xme8-usmd-vqg3

vulnerability	VCID-yn69-8upm-7yc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final

url	pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
purl	pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2

url pkg:maven/io.undertow/undertow-core@2.0.1.Final

purl pkg:maven/io.undertow/undertow-core@2.0.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-14ff-vn3t-vyhy

vulnerability	VCID-1vrj-chs2-d3ab

vulnerability	VCID-2cv5-9v62-kfbm

vulnerability	VCID-2ez8-r9wv-53du

vulnerability	VCID-4v1f-kt5y-w7d1

vulnerability	VCID-5585-a76n-zubf

vulnerability	VCID-62gn-nwup-8uat

vulnerability	VCID-73st-24ck-uydb

vulnerability	VCID-7ec2-9kmy-77eh

vulnerability	VCID-7yc7-e35f-8uhj

vulnerability	VCID-93ut-2de3-ckc5

vulnerability	VCID-bhrz-ea7j-k3bh

vulnerability	VCID-bm42-byxp-2kb5

vulnerability	VCID-bpuw-kn4r-6kau

vulnerability	VCID-cf5j-2dz8-7bbu

vulnerability	VCID-dvxb-wu3m-xuaz

vulnerability	VCID-gsr8-1dea-effx

vulnerability	VCID-k6c9-mckm-cyhy

vulnerability	VCID-ns3p-22xg-q3bz

vulnerability	VCID-p9y4-yce4-zqbk

vulnerability	VCID-rqvc-k1jm-9kg9

vulnerability	VCID-scjb-1mwk-rfdd

vulnerability	VCID-sxup-wzjc-tue1

vulnerability	VCID-urxh-sp91-kuet

vulnerability	VCID-usz2-tufg-k7gz

vulnerability	VCID-xftw-raz7-b7e1

vulnerability	VCID-xme8-usmd-vqg3

vulnerability	VCID-yn69-8upm-7yc2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final

aliases CVE-2017-7559, GHSA-rj76-h87p-r3wf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e2u-nvuu-kfbs

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.0

Package Instance