Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/409342?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/409342?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.3.0.Beta9", "type": "maven", "namespace": "io.undertow", "name": "undertow-core", "version": "1.3.0.Beta9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.0.Beta1", "latest_non_vulnerable_version": "2.4.0.Beta1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209466?format=api", "vulnerability_id": "VCID-1nxp-wx8c-a7gx", "summary": "Exposure of Sensitive Information to an Unauthorized Actor in Undertow", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0362", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0364", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0364" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0365", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0380", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1106", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1107", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1108", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1140", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1140" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14642", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00708", "scoring_system": "epss", "scoring_elements": "0.72743", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00708", "scoring_system": "epss", "scoring_elements": "0.72654", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00708", "scoring_system": "epss", "scoring_elements": "0.72731", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00708", "scoring_system": "epss", "scoring_elements": "0.72745", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14642" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628702", "reference_id": "1628702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628702" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796", "reference_id": "911796", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14642", "reference_id": "CVE-2018-14642", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14642" }, { "reference_url": "https://github.com/advisories/GHSA-vf6r-mmhc-3xcm", "reference_id": "GHSA-vf6r-mmhc-3xcm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vf6r-mmhc-3xcm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/390753?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/430469?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.15.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/21332?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.19.FINAL", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL" } ], "aliases": [ "CVE-2018-14642", "GHSA-vf6r-mmhc-3xcm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nxp-wx8c-a7gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219212?format=api", "vulnerability_id": "VCID-26ru-xpcj-7bcz", "summary": "A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0729", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0729" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46685", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46828", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46843", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46824", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14888" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220211-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220211-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220211-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220211-0001/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464", "reference_id": "1772464", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772464" }, { "reference_url": "https://github.com/advisories/GHSA-vjxc-frw4-jmh5", "reference_id": "GHSA-vjxc-frw4-jmh5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vjxc-frw4-jmh5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2367", "reference_id": "RHSA-2020:2367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386104?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.29.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final" } ], "aliases": [ "CVE-2019-14888", "GHSA-vjxc-frw4-jmh5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26ru-xpcj-7bcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219218?format=api", "vulnerability_id": "VCID-3cek-y62u-7qas", "summary": "A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64754", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64857", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64869", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64866", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770", "reference_id": "1752770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "reference_url": "https://github.com/advisories/GHSA-2w73-fqqj-c92p", "reference_id": "GHSA-2w73-fqqj-c92p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2w73-fqqj-c92p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2058", "reference_id": "RHSA-2020:2058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2059", "reference_id": "RHSA-2020:2059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2060", "reference_id": "RHSA-2020:2060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2061", "reference_id": "RHSA-2020:2061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3779", "reference_id": "RHSA-2020:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458731?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/19005?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hqt-avvb-j7ay" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0" } ], "aliases": [ "CVE-2020-1757", "GHSA-2w73-fqqj-c92p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cek-y62u-7qas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30417?format=api", "vulnerability_id": "VCID-45bm-ykfp-dugb", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1525", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1525" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2405", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2405" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67805", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67707", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67796", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00531", "scoring_system": "epss", "scoring_elements": "0.67809", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12196" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870" }, { "reference_url": "https://issues.jboss.org/browse/UNDERTOW-1190", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/UNDERTOW-1190" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055", "reference_id": "1503055", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503055" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196", "reference_id": "CVE-2017-12196", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12196" }, { "reference_url": "https://github.com/advisories/GHSA-cp7v-vmv7-6x2q", "reference_id": "GHSA-cp7v-vmv7-6x2q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cp7v-vmv7-6x2q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0478", "reference_id": "RHSA-2018:0478", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0479", "reference_id": "RHSA-2018:0479", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0480", "reference_id": "RHSA-2018:0480", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0481", "reference_id": "RHSA-2018:0481", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3768", "reference_id": "RHSA-2018:3768", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2561", "reference_id": "RHSA-2020:2561", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2561" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2562", "reference_id": "RHSA-2020:2562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/390203?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.19.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.19.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/22044?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.24.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-45bm-ykfp-dugb" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.24.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/21981?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.25.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/22042?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.2.FInal", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.2.FInal" }, { "url": "http://public2.vulnerablecode.io/api/packages/390204?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.3.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final" } ], "aliases": [ "CVE-2017-12196", "GHSA-cp7v-vmv7-6x2q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-45bm-ykfp-dugb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46202?format=api", "vulnerability_id": "VCID-4u9y-nd98-z7fr", "summary": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93507", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93486", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93512", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93511", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7885" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241011-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241011-0004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854", "reference_id": "1082854", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4", "reference_id": "cpe:/a:redhat:apache_camel_hawtio:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7", "reference_id": "cpe:/a:redhat:apache_camel_spring_boot:3.20.7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2", "reference_id": "cpe:/a:redhat:apache_camel_spring_boot:4.4.2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3", "reference_id": "cpe:/a:redhat:camel_spring_boot:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1", "reference_id": "cpe:/a:redhat:integration:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3", "reference_id": "cpe:/a:redhat:quarkus:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0", "reference_id": "cpe:/a:redhat:rhboac_hawtio:4.0.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7885", "reference_id": "CVE-2024-7885", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7885" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", "reference_id": "CVE-2024-7885", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7885" }, { "reference_url": "https://github.com/advisories/GHSA-9623-mqmm-5rcf", "reference_id": "GHSA-9623-mqmm-5rcf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9623-mqmm-5rcf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11023", "reference_id": "RHSA-2024:11023", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:11023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6508", "reference_id": "RHSA-2024:6508", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6883", "reference_id": "RHSA-2024:6883", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7441", "reference_id": "RHSA-2024:7441", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7442", "reference_id": "RHSA-2024:7442", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7735", "reference_id": "RHSA-2024:7735", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7736", "reference_id": "RHSA-2024:7736", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8080", "reference_id": "RHSA-2024:8080", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16667", "reference_id": "RHSA-2025:16667", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0743", "reference_id": "RHSA-2026:0743", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", "reference_id": "show_bug.cgi?id=2305290", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33059?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.36.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.36.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/33060?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.17.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.17.Final" } ], "aliases": [ "CVE-2024-7885", "GHSA-9623-mqmm-5rcf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u9y-nd98-z7fr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219215?format=api", "vulnerability_id": "VCID-4yb5-81eu-qubq", "summary": "A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. This flaw may potentially lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53666", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53792", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53808", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10705" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0014" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0014/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241", "reference_id": "1803241", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241" }, { "reference_url": "https://github.com/advisories/GHSA-g4cp-h53p-v3v8", "reference_id": "GHSA-g4cp-h53p-v3v8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g4cp-h53p-v3v8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2058", "reference_id": "RHSA-2020:2058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2059", "reference_id": "RHSA-2020:2059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2060", "reference_id": "RHSA-2020:2060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2061", "reference_id": "RHSA-2020:2061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3585", "reference_id": "RHSA-2020:3585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16668", "reference_id": "RHSA-2025:16668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16668" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382423?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final" } ], "aliases": [ "CVE-2020-10705", "GHSA-g4cp-h53p-v3v8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yb5-81eu-qubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219210?format=api", "vulnerability_id": "VCID-5age-ykyt-ryex", "summary": "CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1838.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1839.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1840.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1841.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3454", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3455", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3456", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3458", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3458" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4993", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01476", "scoring_system": "epss", "scoring_elements": "0.81377", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01476", "scoring_system": "epss", "scoring_elements": "0.81437", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01476", "scoring_system": "epss", "scoring_elements": "0.81445", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4993" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-827", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-827" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4993", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4993" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321", "reference_id": "1344321", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344321" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-4993", "reference_id": "CVE-2016-4993", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2016-4993" }, { "reference_url": "https://github.com/advisories/GHSA-qcqr-hcjq-whfq", "reference_id": "GHSA-qcqr-hcjq-whfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcqr-hcjq-whfq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1838", "reference_id": "RHSA-2016:1838", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1838" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1839", "reference_id": "RHSA-2016:1839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1840", "reference_id": "RHSA-2016:1840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1841", "reference_id": "RHSA-2016:1841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/409355?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.3.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-1wa8-ah8p-y3b6" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-45bm-ykfp-dugb" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-5yva-1hua-a3af" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-b827-wz12-qye3" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uham-4wab-h3h7" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.5.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/14373?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wa8-ah8p-y3b6" }, { "vulnerability": "VCID-b827-wz12-qye3" }, { "vulnerability": "VCID-uham-4wab-h3h7" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/388703?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22041?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-45bm-ykfp-dugb" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final" } ], "aliases": [ "CVE-2016-4993", "GHSA-qcqr-hcjq-whfq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5age-ykyt-ryex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30639?format=api", "vulnerability_id": "VCID-5yva-1hua-a3af", "summary": "", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05972", "scoring_system": "epss", "scoring_elements": "0.90869", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05972", "scoring_system": "epss", "scoring_elements": "0.90905", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.05972", "scoring_system": "epss", "scoring_elements": "0.90898", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d" }, { "reference_url": "http://www.securityfocus.com/bid/98965", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/98965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1438885", "reference_id": "1438885", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1438885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405", "reference_id": "864405", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670", "reference_id": "CVE-2017-2670", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670" }, { "reference_url": "https://github.com/advisories/GHSA-3x7h-5hfr-hvjm", "reference_id": "GHSA-3x7h-5hfr-hvjm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3x7h-5hfr-hvjm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1409", "reference_id": "RHSA-2017:1409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1410", "reference_id": "RHSA-2017:1410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1411", "reference_id": "RHSA-2017:1411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1412", "reference_id": "RHSA-2017:1412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0501", "reference_id": "RHSA-2018:0501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0501" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/390601?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.3.28.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-45bm-ykfp-dugb" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-b827-wz12-qye3" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uham-4wab-h3h7" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/14371?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.3.28", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28" } ], "aliases": [ "CVE-2017-2670", "GHSA-3x7h-5hfr-hvjm" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yva-1hua-a3af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211166?format=api", "vulnerability_id": "VCID-6dvp-ddvr-abh8", "summary": "Undertow vulnerable to Dos via Large AJP request", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55446", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.5557", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55582", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55567", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1350", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1350" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2133", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-2133" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862", "reference_id": "2095862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053", "reference_id": "CVE-2022-2053", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053" }, { "reference_url": "https://github.com/advisories/GHSA-95rf-557x-44g5", "reference_id": "GHSA-95rf-557x-44g5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95rf-557x-44g5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6821", "reference_id": "RHSA-2022:6821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6822", "reference_id": "RHSA-2022:6822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6823", "reference_id": "RHSA-2022:6823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6825", "reference_id": "RHSA-2022:6825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8652", "reference_id": "RHSA-2022:8652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4226", "reference_id": "RHSA-2025:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25650?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.19.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.19.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192619?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/25652?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/580009?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final" } ], "aliases": [ "CVE-2022-2053", "GHSA-95rf-557x-44g5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dvp-ddvr-abh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219220?format=api", "vulnerability_id": "VCID-7ejv-4mka-6fe6", "summary": "A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63603", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63705", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63719", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0044", "scoring_system": "epss", "scoring_elements": "0.63717", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1259" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339", "reference_id": "2072339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-1259", "reference_id": "CVE-2022-1259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2022-1259" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259", "reference_id": "CVE-2022-1259", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6821", "reference_id": "RHSA-2022:6821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6822", "reference_id": "RHSA-2022:6822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6823", "reference_id": "RHSA-2022:6823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6825", "reference_id": "RHSA-2022:6825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8761", "reference_id": "RHSA-2022:8761", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8761" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9582", "reference_id": "RHSA-2025:9582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582460?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.20.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final" } ], "aliases": [ "CVE-2022-1259" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ejv-4mka-6fe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219216?format=api", "vulnerability_id": "VCID-925s-414k-bybt", "summary": "A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37585", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37763", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37788", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37775", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10719" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0014" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0014/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459", "reference_id": "1828459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913", "reference_id": "969913", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913" }, { "reference_url": "https://github.com/advisories/GHSA-cccf-7xw3-p2vr", "reference_id": "GHSA-cccf-7xw3-p2vr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cccf-7xw3-p2vr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2058", "reference_id": "RHSA-2020:2058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2059", "reference_id": "RHSA-2020:2059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2060", "reference_id": "RHSA-2020:2060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2061", "reference_id": "RHSA-2020:2061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3585", "reference_id": "RHSA-2020:3585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3140", "reference_id": "RHSA-2021:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3140" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382423?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final" } ], "aliases": [ "CVE-2020-10719", "GHSA-cccf-7xw3-p2vr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-925s-414k-bybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210092?format=api", "vulnerability_id": "VCID-b827-wz12-qye3", "summary": "Undertow Request Smuggling vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78412", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.7849", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78494", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78479", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12165" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-1251", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-1251" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490301", "reference_id": "1490301", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490301" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338", "reference_id": "885338", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165", "reference_id": "CVE-2017-12165", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12165" }, { "reference_url": "https://github.com/advisories/GHSA-5gg7-5wv8-4gcj", "reference_id": "GHSA-5gg7-5wv8-4gcj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5gg7-5wv8-4gcj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1322", "reference_id": "RHSA-2018:1322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1322" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22018?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.3.31.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-45bm-ykfp-dugb" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/14372?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.3.31", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/22019?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.17.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-45bm-ykfp-dugb" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/14374?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/22047?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.0.Beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-5age-ykyt-ryex" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/22041?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-45bm-ykfp-dugb" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-y5uu-3hgq-6ud1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final" } ], "aliases": [ "CVE-2017-12165", "GHSA-5gg7-5wv8-4gcj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b827-wz12-qye3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210659?format=api", "vulnerability_id": "VCID-byes-xc7r-2fhs", "summary": "Undertow Uncontrolled Resource Consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.53173", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.53045", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.53174", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.53188", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3629" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220729-0008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448", "reference_id": "1016448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629", "reference_id": "CVE-2021-3629", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629" }, { "reference_url": "https://github.com/advisories/GHSA-rf6q-vx79-mjxr", "reference_id": "GHSA-rf6q-vx79-mjxr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rf6q-vx79-mjxr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4676", "reference_id": "RHSA-2021:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4677", "reference_id": "RHSA-2021:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4679", "reference_id": "RHSA-2021:4679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5149", "reference_id": "RHSA-2021:5149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5150", "reference_id": "RHSA-2021:5150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5151", "reference_id": "RHSA-2021:5151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5154", "reference_id": "RHSA-2021:5154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5170", "reference_id": "RHSA-2021:5170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0146", "reference_id": "RHSA-2022:0146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6407", "reference_id": "RHSA-2022:6407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24223?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.40.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/24228?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.11.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.11.Final" } ], "aliases": [ "CVE-2021-3629", "GHSA-rf6q-vx79-mjxr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-byes-xc7r-2fhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210658?format=api", "vulnerability_id": "VCID-c491-1k44-4qfg", "summary": "undertow Race Condition vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38112", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.37936", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38125", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38137", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220804-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220804-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220804-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220804-0003/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861", "reference_id": "989861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597", "reference_id": "CVE-2021-3597", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597" }, { "reference_url": "https://github.com/advisories/GHSA-mfhv-gwf8-4m88", "reference_id": "GHSA-mfhv-gwf8-4m88", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfhv-gwf8-4m88" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3466", "reference_id": "RHSA-2021:3466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3467", "reference_id": "RHSA-2021:3467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3468", "reference_id": "RHSA-2021:3468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3471", "reference_id": "RHSA-2021:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3516", "reference_id": "RHSA-2021:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3656", "reference_id": "RHSA-2021:3656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3658", "reference_id": "RHSA-2021:3658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3660", "reference_id": "RHSA-2021:3660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24218?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.39.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.39.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/24220?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.9.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.9.Final" } ], "aliases": [ "CVE-2021-3597", "GHSA-mfhv-gwf8-4m88" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c491-1k44-4qfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54204?format=api", "vulnerability_id": "VCID-dfpq-44kb-huew", "summary": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93281", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93256", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93278", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.9328", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1459" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1556", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1556" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2339", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-2339" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241122-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241122-0008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816", "reference_id": "1068816", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1459", "reference_id": "CVE-2024-1459", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "reference_id": "CVE-2024-1459", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" }, { "reference_url": "https://github.com/advisories/GHSA-v76w-3ph8-vm66", "reference_id": "GHSA-v76w-3ph8-vm66", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v76w-3ph8-vm66" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1674", "reference_id": "RHSA-2024:1674", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1675", "reference_id": "RHSA-2024:1675", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1676", "reference_id": "RHSA-2024:1676", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2763", "reference_id": "RHSA-2024:2763", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2764", "reference_id": "RHSA-2024:2764", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475", "reference_id": "show_bug.cgi?id=2259475", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28894?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.31.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.31.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/28893?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.12.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.12.Final" } ], "aliases": [ "CVE-2024-1459", "GHSA-v76w-3ph8-vm66" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfpq-44kb-huew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219214?format=api", "vulnerability_id": "VCID-e5cm-rtss-bbfc", "summary": "A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30964", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3116", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31176", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31159", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10687" }, { "reference_url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0015", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0015" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049", "reference_id": "1785049", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "reference_url": "https://github.com/advisories/GHSA-p9w3-gwc2-cr49", "reference_id": "GHSA-p9w3-gwc2-cr49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9w3-gwc2-cr49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3461", "reference_id": "RHSA-2020:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3462", "reference_id": "RHSA-2020:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3463", "reference_id": "RHSA-2020:3463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3464", "reference_id": "RHSA-2020:3464", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3464" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3501", "reference_id": "RHSA-2020:3501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3637", "reference_id": "RHSA-2020:3637", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3638", "reference_id": "RHSA-2020:3638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3639", "reference_id": "RHSA-2020:3639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3642", "reference_id": "RHSA-2020:3642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872", "reference_id": "RHSA-2021:0872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873", "reference_id": "RHSA-2021:0873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874", "reference_id": "RHSA-2021:0874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885", "reference_id": "RHSA-2021:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382473?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final" } ], "aliases": [ "CVE-2020-10687", "GHSA-p9w3-gwc2-cr49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e5cm-rtss-bbfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203783?format=api", "vulnerability_id": "VCID-f7x7-afrc-uqcm", "summary": "Credential exposure through log files in Undertow", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2439", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68669", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68571", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68661", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68674", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0019", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0019" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0019/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0019/" }, { "reference_url": "http://www.securityfocus.com/bid/108739", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/108739" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777", "reference_id": "1693777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693777" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349", "reference_id": "930349", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888", "reference_id": "CVE-2019-3888", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3888" }, { "reference_url": "https://github.com/advisories/GHSA-jwgx-9mmh-684w", "reference_id": "GHSA-jwgx-9mmh-684w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwgx-9mmh-684w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1419", "reference_id": "RHSA-2019:1419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1420", "reference_id": "RHSA-2019:1420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1421", "reference_id": "RHSA-2019:1421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1424", "reference_id": "RHSA-2019:1424", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1456", "reference_id": "RHSA-2019:1456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0727", "reference_id": "RHSA-2020:0727", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/391234?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.21.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/15384?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21" } ], "aliases": [ "CVE-2019-3888", "GHSA-jwgx-9mmh-684w" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7x7-afrc-uqcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111828?format=api", "vulnerability_id": "VCID-fdhy-cw72-57cd", "summary": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02234", "scoring_system": "epss", "scoring_elements": "0.84952", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02234", "scoring_system": "epss", "scoring_elements": "0.8496", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02234", "scoring_system": "epss", "scoring_elements": "0.84899", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9784" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1802", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1802" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1803", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1803" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1804", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1804" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1805", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1805" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784" }, { "reference_url": "https://www.kb.cert.org/vuls/id/767506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/767506" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694", "reference_id": "1117694", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1778", "reference_id": "1778", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://github.com/undertow-io/undertow/pull/1778" }, { "reference_url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final", "reference_id": "2.2.38.Final", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final" }, { "reference_url": "https://kb.cert.org/vuls/id/767506", "reference_id": "767506", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://kb.cert.org/vuls/id/767506" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4", "reference_id": "cpe:/a:redhat:apache_camel_hawtio:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14", "reference_id": "cpe:/a:redhat:apache_camel_spring_boot:4.14", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-9784", "reference_id": "CVE-2025-9784", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-9784" }, { "reference_url": "https://github.com/advisories/GHSA-95h4-w6j8-2rp8", "reference_id": "GHSA-95h4-w6j8-2rp8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95h4-w6j8-2rp8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23143", "reference_id": "RHSA-2025:23143", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0383", "reference_id": "RHSA-2026:0383", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0384", "reference_id": "RHSA-2026:0384", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0386", "reference_id": "RHSA-2026:0386", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3889", "reference_id": "RHSA-2026:3889", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3891", "reference_id": "RHSA-2026:3891", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3892", "reference_id": "RHSA-2026:3892", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4915", "reference_id": "RHSA-2026:4915", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4916", "reference_id": "RHSA-2026:4916", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4917", "reference_id": "RHSA-2026:4917", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4924", "reference_id": "RHSA-2026:4924", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4924" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306", "reference_id": "show_bug.cgi?id=2392306", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2598", "reference_id": "UNDERTOW-2598", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-2598" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376666?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.38.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.38.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/376667?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.20.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kdkn-2zrf-7ff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.20.Final" } ], "aliases": [ "CVE-2025-9784", "GHSA-95h4-w6j8-2rp8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdhy-cw72-57cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219221?format=api", "vulnerability_id": "VCID-gga8-ucqw-3bc7", "summary": "A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70139", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70229", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.70243", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.7024", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1319" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.redhat.com/browse/UNDERTOW-2060" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448", "reference_id": "1016448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", "reference_id": "2073890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-1319", "reference_id": "CVE-2022-1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "reference_id": "CVE-2022-1319", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4918", "reference_id": "RHSA-2022:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4919", "reference_id": "RHSA-2022:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4922", "reference_id": "RHSA-2022:4922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7409", "reference_id": "RHSA-2022:7409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7410", "reference_id": "RHSA-2022:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7411", "reference_id": "RHSA-2022:7411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7417", "reference_id": "RHSA-2022:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8761", "reference_id": "RHSA-2022:8761", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8761" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4226", "reference_id": "RHSA-2025:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9583" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1192649?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/580007?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.17.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/582460?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.20.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/580009?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final" } ], "aliases": [ "CVE-2022-1319" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gga8-ucqw-3bc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30644?format=api", "vulnerability_id": "VCID-ghz9-w5n1-zkdq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2643", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72719", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.7263", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72707", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72721", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1114" }, { "reference_url": "https://bugs.openjdk.java.net/browse/JDK-6956385", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.openjdk.java.net/browse/JDK-6956385" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64" }, { "reference_url": "https://issues.jboss.org/browse/UNDERTOW-1338", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/UNDERTOW-1338" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045", "reference_id": "1573045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573045" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247", "reference_id": "897247", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114", "reference_id": "CVE-2018-1114", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1114" }, { "reference_url": "https://github.com/advisories/GHSA-gjjx-gqm4-wcgm", "reference_id": "GHSA-gjjx-gqm4-wcgm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjjx-gqm4-wcgm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21981?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.25.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/390745?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/21984?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final" } ], "aliases": [ "CVE-2018-1114", "GHSA-gjjx-gqm4-wcgm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghz9-w5n1-zkdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85770?format=api", "vulnerability_id": "VCID-kdkn-2zrf-7ff1", "summary": "A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3260.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3260.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.66166", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.66271", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.66274", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00494", "scoring_system": "epss", "scoring_elements": "0.6626", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3260" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3260", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3260" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134949", "reference_id": "1134949", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134949" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4", "reference_id": "cpe:/a:redhat:apache_camel_hawtio:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4", "reference_id": "cpe:/a:redhat:camel_spring_boot:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-3260", "reference_id": "CVE-2026-3260", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:31:14Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-3260" }, { "reference_url": "https://github.com/advisories/GHSA-3x3v-w654-m28m", "reference_id": "GHSA-3x3v-w654-m28m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3x3v-w654-m28m" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443010", "reference_id": "show_bug.cgi?id=2443010", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:31:14Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443010" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35857?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.4.0.Beta1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.4.0.Beta1" } ], "aliases": [ "CVE-2026-3260", "GHSA-3x3v-w654-m28m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kdkn-2zrf-7ff1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151594?format=api", "vulnerability_id": "VCID-kuft-1mgp-u3ep", "summary": "A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.71391", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.71291", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.7138", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.71393", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3223" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893", "reference_id": "1054893", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1", "reference_id": "cpe:/a:redhat:integration:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_id": "cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13", "reference_id": "cpe:/a:redhat:openstack-optools:13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.5", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3223", "reference_id": "CVE-2023-3223", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3223" }, { "reference_url": "https://github.com/advisories/GHSA-65h2-wf7m-q2v8", "reference_id": "GHSA-65h2-wf7m-q2v8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65h2-wf7m-q2v8" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0004/", "reference_id": "ntap-20231027-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4505", "reference_id": "RHSA-2023:4505", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4505" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4506", "reference_id": "RHSA-2023:4506", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4507", "reference_id": "RHSA-2023:4507", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4509", "reference_id": "RHSA-2023:4509", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4509" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4918", "reference_id": "RHSA-2023:4918", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4919", "reference_id": "RHSA-2023:4919", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4920", "reference_id": "RHSA-2023:4920", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4921", "reference_id": "RHSA-2023:4921", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4924", "reference_id": "RHSA-2023:4924", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7247", "reference_id": "RHSA-2023:7247", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3354", "reference_id": "RHSA-2024:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4226", "reference_id": "RHSA-2025:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", "reference_id": "show_bug.cgi?id=2209689", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379736?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.24.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final" } ], "aliases": [ "CVE-2023-3223", "GHSA-65h2-wf7m-q2v8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuft-1mgp-u3ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144759?format=api", "vulnerability_id": "VCID-m2ne-5zum-tqbn", "summary": "A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.69077", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.69082", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.6907", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68978", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1108" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1457", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1457" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231020-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231020-0002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253", "reference_id": "1033253", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2", "reference_id": "cpe:/a:redhat:camel_quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1", "reference_id": "cpe:/a:redhat:integration:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_id": "cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13", "reference_id": "cpe:/a:redhat:openstack:13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-1108", "reference_id": "CVE-2023-1108", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-1108" }, { "reference_url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78", "reference_id": "GHSA-m4mm-pg93-fv78", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231020-0002/", "reference_id": "ntap-20231020-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231020-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1184", "reference_id": "RHSA-2023:1184", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1185", "reference_id": "RHSA-2023:1185", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1512", "reference_id": "RHSA-2023:1512", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1513", "reference_id": "RHSA-2023:1513", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1514", "reference_id": "RHSA-2023:1514", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1516", "reference_id": "RHSA-2023:1516", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2135", "reference_id": "RHSA-2023:2135", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3883", "reference_id": "RHSA-2023:3883", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3884", "reference_id": "RHSA-2023:3884", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3885", "reference_id": "RHSA-2023:3885", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3888", "reference_id": "RHSA-2023:3888", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3892", "reference_id": "RHSA-2023:3892", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3954", "reference_id": "RHSA-2023:3954", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4612", "reference_id": "RHSA-2023:4612", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4612" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4226", "reference_id": "RHSA-2025:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", "reference_id": "show_bug.cgi?id=2174246", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379736?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.24.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/379735?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.5.Final" } ], "aliases": [ "CVE-2023-1108", "GHSA-m4mm-pg93-fv78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ne-5zum-tqbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209467?format=api", "vulnerability_id": "VCID-m4a2-8fwt-bbb8", "summary": "Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.66952", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.66967", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0051", "scoring_system": "epss", "scoring_elements": "0.6686", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1048" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1534343" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928", "reference_id": "891928", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1048", "reference_id": "CVE-2018-1048", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1048" }, { "reference_url": "https://github.com/advisories/GHSA-prfw-3qx6-g9xr", "reference_id": "GHSA-prfw-3qx6-g9xr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-prfw-3qx6-g9xr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0478", "reference_id": "RHSA-2018:0478", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0479", "reference_id": "RHSA-2018:0479", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0480", "reference_id": "RHSA-2018:0480", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0481", "reference_id": "RHSA-2018:0481", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0481" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22047?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.0.Beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-5age-ykyt-ryex" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1" } ], "aliases": [ "CVE-2018-1048", "GHSA-prfw-3qx6-g9xr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4a2-8fwt-bbb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133494?format=api", "vulnerability_id": "VCID-mz7z-tp7n-3qhd", "summary": "A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.36854", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37032", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37059", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055", "reference_id": "1059055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_id": "cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-5379", "reference_id": "CVE-2023-5379", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-5379" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", "reference_id": "CVE-2023-5379", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9582", "reference_id": "RHSA-2025:9582", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", "reference_id": "show_bug.cgi?id=2242099", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372859?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.11.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.11.Final" } ], "aliases": [ "CVE-2023-5379" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mz7z-tp7n-3qhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204276?format=api", "vulnerability_id": "VCID-sg32-tewt-ckan", "summary": "Potential to access user credentials from the log files when debug logging enabled", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2998" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.64077", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63974", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.64088", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.6409", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0017" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0017/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0017/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1731984", "reference_id": "1731984", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1731984" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10212", "reference_id": "CVE-2019-10212", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10212" }, { "reference_url": "https://github.com/advisories/GHSA-8vh8-vc28-m2hf", "reference_id": "GHSA-8vh8-vc28-m2hf", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8vh8-vc28-m2hf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2935", "reference_id": "RHSA-2019:2935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2936", "reference_id": "RHSA-2019:2936", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2937", "reference_id": "RHSA-2019:2937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2938", "reference_id": "RHSA-2019:2938", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2938" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3050", "reference_id": "RHSA-2019:3050", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3050" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0727", "reference_id": "RHSA-2020:0727", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/443288?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.20.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/15802?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20" } ], "aliases": [ "CVE-2019-10212", "GHSA-8vh8-vc28-m2hf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sg32-tewt-ckan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144850?format=api", "vulnerability_id": "VCID-u62g-ukw7-5uf2", "summary": "A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.73172", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.7308", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.73158", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.73173", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1973" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815", "reference_id": "1068815", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-1973", "reference_id": "CVE-2023-1973", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "reference_url": "https://github.com/advisories/GHSA-97cq-f4jm-mv8h", "reference_id": "GHSA-97cq-f4jm-mv8h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97cq-f4jm-mv8h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1674", "reference_id": "RHSA-2024:1674", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1675", "reference_id": "RHSA-2024:1675", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1676", "reference_id": "RHSA-2024:1676", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1677", "reference_id": "RHSA-2024:1677", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2763", "reference_id": "RHSA-2024:2763", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2764", "reference_id": "RHSA-2024:2764", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4226", "reference_id": "RHSA-2025:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9583", "reference_id": "RHSA-2025:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662", "reference_id": "show_bug.cgi?id=2185662", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372916?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.32.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.32.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/372917?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.13.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.13.Final" } ], "aliases": [ "CVE-2023-1973", "GHSA-97cq-f4jm-mv8h" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u62g-ukw7-5uf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219219?format=api", "vulnerability_id": "VCID-uymv-k8py-mfa9", "summary": "A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39701", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39872", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39896", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39885", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20220" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0013" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0013/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133", "reference_id": "1923133", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "reference_url": "https://github.com/advisories/GHSA-qjwc-v72v-fq6r", "reference_id": "GHSA-qjwc-v72v-fq6r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjwc-v72v-fq6r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872", "reference_id": "RHSA-2021:0872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873", "reference_id": "RHSA-2021:0873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874", "reference_id": "RHSA-2021:0874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885", "reference_id": "RHSA-2021:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974", "reference_id": "RHSA-2021:0974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2210", "reference_id": "RHSA-2021:2210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2755", "reference_id": "RHSA-2021:2755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2755" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/458725?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.34.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/383379?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/469553?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.6.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/383378?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6" } ], "aliases": [ "CVE-2021-20220", "GHSA-qjwc-v72v-fq6r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uymv-k8py-mfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219217?format=api", "vulnerability_id": "VCID-xdvz-febf-ybgz", "summary": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70903", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.70994", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.71006", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00636", "scoring_system": "epss", "scoring_elements": "0.71003", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1745" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745" }, { "reference_url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "reference_url": "https://www.cnvd.org.cn/webinfo/show/5415", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "reference_url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305", "reference_id": "1807305", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "reference_url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "reference_id": "CVE-2020-1938-APACHE-TOMCAT-AJP-CONNECTOR-REMOTE-CODE-EXECUTION-VULNERABILITY-ALERT", "reference_type": "", "scores": [], "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "reference_url": "https://github.com/advisories/GHSA-gv2w-88hx-8m9r", "reference_id": "GHSA-gv2w-88hx-8m9r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gv2w-88hx-8m9r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0812", "reference_id": "RHSA-2020:0812", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0813", "reference_id": "RHSA-2020:0813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0952", "reference_id": "RHSA-2020:0952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0961", "reference_id": "RHSA-2020:0961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0962", "reference_id": "RHSA-2020:0962", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0962" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2058", "reference_id": "RHSA-2020:2058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2059", "reference_id": "RHSA-2020:2059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2060", "reference_id": "RHSA-2020:2060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2061", "reference_id": "RHSA-2020:2061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2333", "reference_id": "RHSA-2020:2333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2367", "reference_id": "RHSA-2020:2367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3779", "reference_id": "RHSA-2020:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/386608?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.30", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/458721?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.30.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final" } ], "aliases": [ "CVE-2020-1745", "GHSA-gv2w-88hx-8m9r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdvz-febf-ybgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30560?format=api", "vulnerability_id": "VCID-y5uu-3hgq-6ud1", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1247", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1248", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1249", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1249" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1251", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1251" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2643", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:2643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0877", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0877" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70786", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70685", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70775", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00626", "scoring_system": "epss", "scoring_elements": "0.70788", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671", "reference_id": "1550671", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550671" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323", "reference_id": "900323", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067", "reference_id": "CVE-2018-1067", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1067" }, { "reference_url": "https://github.com/advisories/GHSA-47mp-rq2x-wjf2", "reference_id": "GHSA-47mp-rq2x-wjf2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47mp-rq2x-wjf2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2562", "reference_id": "RHSA-2020:2562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21981?format=api", "purl": "pkg:maven/io.undertow/undertow-core@1.4.25.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-ghz9-w5n1-zkdq" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-m4a2-8fwt-bbb8" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yes8-5q2e-4bg1" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/21984?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nxp-wx8c-a7gx" }, { "vulnerability": "VCID-26ru-xpcj-7bcz" }, { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-c491-1k44-4qfg" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-f7x7-afrc-uqcm" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-sg32-tewt-ckan" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-uymv-k8py-mfa9" }, { "vulnerability": "VCID-xdvz-febf-ybgz" }, { "vulnerability": "VCID-yymt-yakb-z3hx" }, { "vulnerability": "VCID-z4ev-4e89-jucp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final" } ], "aliases": [ "CVE-2018-1067", "GHSA-47mp-rq2x-wjf2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uu-3hgq-6ud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211041?format=api", "vulnerability_id": "VCID-yymt-yakb-z3hx", "summary": "Undertow vulnerable to Denial of Service (DoS) attacks", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48846", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48861", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48842", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48705", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1296", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1296" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-1979", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-1979" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221201-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221201-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221201-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221201-0004/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983", "reference_id": "1015983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-3859", "reference_id": "CVE-2021-3859", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-3859" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3859", "reference_id": "CVE-2021-3859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2021-3859" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", "reference_id": "CVE-2021-3859", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859" }, { "reference_url": "https://github.com/advisories/GHSA-339q-62wm-c39w", "reference_id": "GHSA-339q-62wm-c39w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-339q-62wm-c39w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0400", "reference_id": "RHSA-2022:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0401", "reference_id": "RHSA-2022:0401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0404", "reference_id": "RHSA-2022:0404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0405", "reference_id": "RHSA-2022:0405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0406", "reference_id": "RHSA-2022:0406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0407", "reference_id": "RHSA-2022:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0408", "reference_id": "RHSA-2022:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0409", "reference_id": "RHSA-2022:0409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0410", "reference_id": "RHSA-2022:0410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0415", "reference_id": "RHSA-2022:0415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10207", "reference_id": "RHSA-2024:10207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4226", "reference_id": "RHSA-2025:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4226" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/580005?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.15.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.15.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/25370?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.15" } ], "aliases": [ "CVE-2021-3859", "GHSA-339q-62wm-c39w", "GMS-2022-2963" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yymt-yakb-z3hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211040?format=api", "vulnerability_id": "VCID-z4ev-4e89-jucp", "summary": "Undertow vulnerable to memory exhaustion due to buffer leak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.5851", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58392", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58504", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.5852", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-1935", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-1935" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3690", "reference_id": "CVE-2021-3690", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3690" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690", "reference_id": "CVE-2021-3690", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690" }, { "reference_url": "https://www.mend.io/vulnerability-database/CVE-2021-3690", "reference_id": "CVE-2021-3690", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mend.io/vulnerability-database/CVE-2021-3690" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3", "reference_id": "CVE-2021-3690#CVE-CVSS-V3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3" }, { "reference_url": "https://github.com/advisories/GHSA-fj7c-vg2v-ccrm", "reference_id": "GHSA-fj7c-vg2v-ccrm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fj7c-vg2v-ccrm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3216", "reference_id": "RHSA-2021:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3217", "reference_id": "RHSA-2021:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3218", "reference_id": "RHSA-2021:3218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3219", "reference_id": "RHSA-2021:3219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3425", "reference_id": "RHSA-2021:3425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3466", "reference_id": "RHSA-2021:3466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3467", "reference_id": "RHSA-2021:3467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3468", "reference_id": "RHSA-2021:3468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3471", "reference_id": "RHSA-2021:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3516", "reference_id": "RHSA-2021:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3656", "reference_id": "RHSA-2021:3656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3658", "reference_id": "RHSA-2021:3658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3660", "reference_id": "RHSA-2021:3660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1029", "reference_id": "RHSA-2022:1029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4226", "reference_id": "RHSA-2025:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4226" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/24223?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.40.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3cek-y62u-7qas" }, { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-4yb5-81eu-qubq" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-925s-414k-bybt" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-e5cm-rtss-bbfc" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/25366?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.40", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/24227?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.10.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4u9y-nd98-z7fr" }, { "vulnerability": "VCID-6bhd-zdh5-5qgz" }, { "vulnerability": "VCID-6dvp-ddvr-abh8" }, { "vulnerability": "VCID-7ejv-4mka-6fe6" }, { "vulnerability": "VCID-byes-xc7r-2fhs" }, { "vulnerability": "VCID-dfpq-44kb-huew" }, { "vulnerability": "VCID-fdhy-cw72-57cd" }, { "vulnerability": "VCID-gga8-ucqw-3bc7" }, { "vulnerability": "VCID-kdkn-2zrf-7ff1" }, { "vulnerability": "VCID-kuft-1mgp-u3ep" }, { "vulnerability": "VCID-m2ne-5zum-tqbn" }, { "vulnerability": "VCID-mz7z-tp7n-3qhd" }, { "vulnerability": "VCID-u62g-ukw7-5uf2" }, { "vulnerability": "VCID-yymt-yakb-z3hx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/25369?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10" } ], "aliases": [ "CVE-2021-3690", "GHSA-fj7c-vg2v-ccrm", "GMS-2022-2964" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ev-4e89-jucp" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.0.Beta9" }