Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.undertow/undertow-core@2.0.5.Final
Typemaven
Namespaceio.undertow
Nameundertow-core
Version2.0.5.Final
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.5
Latest_non_vulnerable_version2.4.0.Beta1
Affected_by_vulnerabilities
0
url VCID-4gjh-hhzw-jyda
vulnerability_id VCID-4gjh-hhzw-jyda
summary 
Inclusion of Sensitive Information in Log Files
A flaw was found in the Undertow DEBUG log for `io.undertow.request.security`. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
1
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.63867
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0017
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1731984
reference_id 1731984
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1731984
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
reference_id CVE-2019-10212
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.20.Final
purl pkg:maven/io.undertow/undertow-core@2.0.20.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4qfb-8hen-qkc7
1
vulnerability VCID-63qx-1wuv-qufb
2
vulnerability VCID-641y-uckh-gfen
3
vulnerability VCID-qbnn-jmjd-qqbx
4
vulnerability VCID-rxsj-32jz-wugq
5
vulnerability VCID-uenh-qgna-t7c4
6
vulnerability VCID-w6r9-g7sc-y3ed
7
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.20
purl pkg:maven/io.undertow/undertow-core@2.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20
aliases CVE-2019-10212, GHSA-8vh8-vc28-m2hf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gjh-hhzw-jyda
1
url VCID-4qfb-8hen-qkc7
vulnerability_id VCID-4qfb-8hen-qkc7
summary 
Uncontrolled Resource Consumption
A vulnerability was found in the Undertow HTTP server when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47618
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
4
reference_url https://security.netapp.com/advisory/ntap-20220211-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220211-0001
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1772464
reference_id 1772464
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1772464
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
reference_id CVE-2019-14888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
7
reference_url https://access.redhat.com/errata/RHSA-2020:2067
reference_id RHSA-2020:2067
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2067
8
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
9
reference_url https://access.redhat.com/errata/RHSA-2020:2367
reference_id RHSA-2020:2367
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2367
10
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
11
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.29.Final
purl pkg:maven/io.undertow/undertow-core@2.0.29.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63qx-1wuv-qufb
1
vulnerability VCID-641y-uckh-gfen
2
vulnerability VCID-qbnn-jmjd-qqbx
3
vulnerability VCID-rxsj-32jz-wugq
4
vulnerability VCID-uenh-qgna-t7c4
5
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final
aliases CVE-2019-14888, GHSA-vjxc-frw4-jmh5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfb-8hen-qkc7
2
url VCID-63qx-1wuv-qufb
vulnerability_id VCID-63qx-1wuv-qufb
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37499
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
3
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1828459
reference_id 1828459
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1828459
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
reference_id 969913
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
reference_id CVE-2020-10719
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
7
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
8
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
9
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
10
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
11
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
12
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
13
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
14
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
15
reference_url https://access.redhat.com/errata/RHSA-2020:2813
reference_id RHSA-2020:2813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2813
16
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
17
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
18
reference_url https://access.redhat.com/errata/RHSA-2021:3140
reference_id RHSA-2021:3140
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3140
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.1.Final
purl pkg:maven/io.undertow/undertow-core@2.1.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-641y-uckh-gfen
1
vulnerability VCID-qbnn-jmjd-qqbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final
aliases CVE-2020-10719, GHSA-cccf-7xw3-p2vr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63qx-1wuv-qufb
3
url VCID-641y-uckh-gfen
vulnerability_id VCID-641y-uckh-gfen
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39604
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
3
reference_url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0013
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0013
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
reference_id CVE-2021-20220
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
6
reference_url https://access.redhat.com/errata/RHSA-2021:0872
reference_id RHSA-2021:0872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0872
7
reference_url https://access.redhat.com/errata/RHSA-2021:0873
reference_id RHSA-2021:0873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0873
8
reference_url https://access.redhat.com/errata/RHSA-2021:0874
reference_id RHSA-2021:0874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0874
9
reference_url https://access.redhat.com/errata/RHSA-2021:0885
reference_id RHSA-2021:0885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0885
10
reference_url https://access.redhat.com/errata/RHSA-2021:0974
reference_id RHSA-2021:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0974
11
reference_url https://access.redhat.com/errata/RHSA-2021:2210
reference_id RHSA-2021:2210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2210
12
reference_url https://access.redhat.com/errata/RHSA-2021:2755
reference_id RHSA-2021:2755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2755
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.34.Final
purl pkg:maven/io.undertow/undertow-core@2.0.34.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63qx-1wuv-qufb
1
vulnerability VCID-qbnn-jmjd-qqbx
2
vulnerability VCID-rxsj-32jz-wugq
3
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.34
purl pkg:maven/io.undertow/undertow-core@2.0.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34
2
url pkg:maven/io.undertow/undertow-core@2.1.6.Final
purl pkg:maven/io.undertow/undertow-core@2.1.6.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qbnn-jmjd-qqbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final
3
url pkg:maven/io.undertow/undertow-core@2.1.6
purl pkg:maven/io.undertow/undertow-core@2.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6
aliases CVE-2021-20220, GHSA-qjwc-v72v-fq6r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-641y-uckh-gfen
4
url VCID-kkn4-9xex-fyb7
vulnerability_id VCID-kkn4-9xex-fyb7
summary 
Information Exposure
An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0362
1
reference_url https://access.redhat.com/errata/RHSA-2019:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0364
2
reference_url https://access.redhat.com/errata/RHSA-2019:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0365
3
reference_url https://access.redhat.com/errata/RHSA-2019:0380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0380
4
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1106
5
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1107
6
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1108
7
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72565
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
reference_id 1628702
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
reference_id 911796
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
reference_id CVE-2018-14642
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.15.Final
purl pkg:maven/io.undertow/undertow-core@2.0.15.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gjh-hhzw-jyda
1
vulnerability VCID-4qfb-8hen-qkc7
2
vulnerability VCID-63qx-1wuv-qufb
3
vulnerability VCID-641y-uckh-gfen
4
vulnerability VCID-qbnn-jmjd-qqbx
5
vulnerability VCID-rxsj-32jz-wugq
6
vulnerability VCID-uenh-qgna-t7c4
7
vulnerability VCID-w6r9-g7sc-y3ed
8
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.15
purl pkg:maven/io.undertow/undertow-core@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15
2
url pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
purl pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
aliases CVE-2018-14642, GHSA-vf6r-mmhc-3xcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkn4-9xex-fyb7
5
url VCID-qbnn-jmjd-qqbx
vulnerability_id VCID-qbnn-jmjd-qqbx
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
A flaw was discovered in all versions of Undertow before Undertow Final, where HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10687
reference_id
reference_type
scores
0
value 0.00123
scoring_system epss
scoring_elements 0.30933
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10687
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1785049
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1785049
3
reference_url https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0015
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0015
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10687
reference_id CVE-2020-10687
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10687
6
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
7
reference_url https://access.redhat.com/errata/RHSA-2020:3461
reference_id RHSA-2020:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3461
8
reference_url https://access.redhat.com/errata/RHSA-2020:3462
reference_id RHSA-2020:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3462
9
reference_url https://access.redhat.com/errata/RHSA-2020:3463
reference_id RHSA-2020:3463
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3463
10
reference_url https://access.redhat.com/errata/RHSA-2020:3464
reference_id RHSA-2020:3464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3464
11
reference_url https://access.redhat.com/errata/RHSA-2020:3501
reference_id RHSA-2020:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3501
12
reference_url https://access.redhat.com/errata/RHSA-2020:3637
reference_id RHSA-2020:3637
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3637
13
reference_url https://access.redhat.com/errata/RHSA-2020:3638
reference_id RHSA-2020:3638
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3638
14
reference_url https://access.redhat.com/errata/RHSA-2020:3639
reference_id RHSA-2020:3639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3639
15
reference_url https://access.redhat.com/errata/RHSA-2020:3642
reference_id RHSA-2020:3642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3642
16
reference_url https://access.redhat.com/errata/RHSA-2021:0872
reference_id RHSA-2021:0872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0872
17
reference_url https://access.redhat.com/errata/RHSA-2021:0873
reference_id RHSA-2021:0873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0873
18
reference_url https://access.redhat.com/errata/RHSA-2021:0874
reference_id RHSA-2021:0874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0874
19
reference_url https://access.redhat.com/errata/RHSA-2021:0885
reference_id RHSA-2021:0885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0885
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.0.Final
purl pkg:maven/io.undertow/undertow-core@2.2.0.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final
aliases CVE-2020-10687, GHSA-p9w3-gwc2-cr49
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qbnn-jmjd-qqbx
6
url VCID-rxsj-32jz-wugq
vulnerability_id VCID-rxsj-32jz-wugq
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
A flaw was discovered in Undertow where certain requests to the `Expect: ` header may cause an out of memory error. This flaw may potentially lead to a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53544
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
3
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
reference_id CVE-2020-10705
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
5
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
6
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
7
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
8
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
9
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
10
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
11
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
12
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
13
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
14
reference_url https://access.redhat.com/errata/RHSA-2020:3585
reference_id RHSA-2020:3585
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3585
15
reference_url https://access.redhat.com/errata/RHSA-2025:16668
reference_id RHSA-2025:16668
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16668
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.1.Final
purl pkg:maven/io.undertow/undertow-core@2.1.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-641y-uckh-gfen
1
vulnerability VCID-qbnn-jmjd-qqbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final
aliases CVE-2020-10705, GHSA-g4cp-h53p-v3v8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsj-32jz-wugq
7
url VCID-uenh-qgna-t7c4
vulnerability_id VCID-uenh-qgna-t7c4
summary 
False Positive
This advisory has been marked as a false positive.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
reference_id
reference_type
scores
0
value 0.00636
scoring_system epss
scoring_elements 0.70802
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
3
reference_url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
4
reference_url https://www.cnvd.org.cn/webinfo/show/5415
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cnvd.org.cn/webinfo/show/5415
5
reference_url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1807305
reference_id 1807305
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1807305
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
reference_id CVE-2020-1745
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
8
reference_url https://access.redhat.com/errata/RHSA-2020:0812
reference_id RHSA-2020:0812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0812
9
reference_url https://access.redhat.com/errata/RHSA-2020:0813
reference_id RHSA-2020:0813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0813
10
reference_url https://access.redhat.com/errata/RHSA-2020:0952
reference_id RHSA-2020:0952
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0952
11
reference_url https://access.redhat.com/errata/RHSA-2020:0961
reference_id RHSA-2020:0961
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0961
12
reference_url https://access.redhat.com/errata/RHSA-2020:0962
reference_id RHSA-2020:0962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0962
13
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
14
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
15
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
16
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
17
reference_url https://access.redhat.com/errata/RHSA-2020:2333
reference_id RHSA-2020:2333
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2333
18
reference_url https://access.redhat.com/errata/RHSA-2020:2367
reference_id RHSA-2020:2367
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2367
19
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
20
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
21
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
22
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
23
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
24
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
25
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
26
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.30.Final
purl pkg:maven/io.undertow/undertow-core@2.0.30.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63qx-1wuv-qufb
1
vulnerability VCID-641y-uckh-gfen
2
vulnerability VCID-qbnn-jmjd-qqbx
3
vulnerability VCID-rxsj-32jz-wugq
4
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.30
purl pkg:maven/io.undertow/undertow-core@2.0.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30
aliases CVE-2020-1745, GHSA-gv2w-88hx-8m9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uenh-qgna-t7c4
8
url VCID-w6r9-g7sc-y3ed
vulnerability_id VCID-w6r9-g7sc-y3ed
summary 
Information Exposure
An information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
1
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68469
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0019
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0019
6
reference_url http://www.securityfocus.com/bid/108739
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108739
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
reference_id 1693777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id 930349
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
reference_id CVE-2019-3888
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
10
reference_url https://access.redhat.com/errata/RHSA-2019:1419
reference_id RHSA-2019:1419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1419
11
reference_url https://access.redhat.com/errata/RHSA-2019:1420
reference_id RHSA-2019:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1420
12
reference_url https://access.redhat.com/errata/RHSA-2019:1421
reference_id RHSA-2019:1421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1421
13
reference_url https://access.redhat.com/errata/RHSA-2019:1424
reference_id RHSA-2019:1424
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1424
14
reference_url https://access.redhat.com/errata/RHSA-2019:2439
reference_id RHSA-2019:2439
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2439
15
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.21.Final
purl pkg:maven/io.undertow/undertow-core@2.0.21.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4qfb-8hen-qkc7
1
vulnerability VCID-63qx-1wuv-qufb
2
vulnerability VCID-641y-uckh-gfen
3
vulnerability VCID-qbnn-jmjd-qqbx
4
vulnerability VCID-rxsj-32jz-wugq
5
vulnerability VCID-uenh-qgna-t7c4
6
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.21
purl pkg:maven/io.undertow/undertow-core@2.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21
aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6r9-g7sc-y3ed
9
url VCID-zhjh-bx17-pkdc
vulnerability_id VCID-zhjh-bx17-pkdc
summary 
Improper Input Validation
A flaw was found in undertow, where the Servlet container causes `servletPath` to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64649
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1752770
reference_id 1752770
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1752770
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
reference_id CVE-2020-1757
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
5
reference_url https://access.redhat.com/errata/RHSA-2020:2058
reference_id RHSA-2020:2058
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2058
6
reference_url https://access.redhat.com/errata/RHSA-2020:2059
reference_id RHSA-2020:2059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2059
7
reference_url https://access.redhat.com/errata/RHSA-2020:2060
reference_id RHSA-2020:2060
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2060
8
reference_url https://access.redhat.com/errata/RHSA-2020:2061
reference_id RHSA-2020:2061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2061
9
reference_url https://access.redhat.com/errata/RHSA-2020:2112
reference_id RHSA-2020:2112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2112
10
reference_url https://access.redhat.com/errata/RHSA-2020:2511
reference_id RHSA-2020:2511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2511
11
reference_url https://access.redhat.com/errata/RHSA-2020:2512
reference_id RHSA-2020:2512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2512
12
reference_url https://access.redhat.com/errata/RHSA-2020:2513
reference_id RHSA-2020:2513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2513
13
reference_url https://access.redhat.com/errata/RHSA-2020:2515
reference_id RHSA-2020:2515
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2515
14
reference_url https://access.redhat.com/errata/RHSA-2020:2905
reference_id RHSA-2020:2905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2905
15
reference_url https://access.redhat.com/errata/RHSA-2020:3192
reference_id RHSA-2020:3192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3192
16
reference_url https://access.redhat.com/errata/RHSA-2020:3779
reference_id RHSA-2020:3779
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3779
17
reference_url https://access.redhat.com/errata/RHSA-2024:5856
reference_id RHSA-2024:5856
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5856
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.0.Final
purl pkg:maven/io.undertow/undertow-core@2.1.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63qx-1wuv-qufb
1
vulnerability VCID-641y-uckh-gfen
2
vulnerability VCID-qbnn-jmjd-qqbx
3
vulnerability VCID-rxsj-32jz-wugq
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final
1
url pkg:maven/io.undertow/undertow-core@2.1.0
purl pkg:maven/io.undertow/undertow-core@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-641y-uckh-gfen
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0
aliases CVE-2020-1757, GHSA-2w73-fqqj-c92p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhjh-bx17-pkdc
Fixing_vulnerabilities
0
url VCID-4zav-auak-8qbu
vulnerability_id VCID-4zav-auak-8qbu
summary 
Uncontrolled Resource Consumption
It was found that `URLResource.getLastModified()` in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.7254
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
5
reference_url https://bugs.openjdk.java.net/browse/JDK-6956385
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.openjdk.java.net/browse/JDK-6956385
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
7
reference_url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
8
reference_url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
9
reference_url https://issues.jboss.org/browse/UNDERTOW-1338
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1338
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1573045
reference_id 1573045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1573045
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
reference_id 897247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
reference_id CVE-2018-1114
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-4gjh-hhzw-jyda
2
vulnerability VCID-4qfb-8hen-qkc7
3
vulnerability VCID-4zav-auak-8qbu
4
vulnerability VCID-63qx-1wuv-qufb
5
vulnerability VCID-641y-uckh-gfen
6
vulnerability VCID-kkn4-9xex-fyb7
7
vulnerability VCID-qbnn-jmjd-qqbx
8
vulnerability VCID-rxsj-32jz-wugq
9
vulnerability VCID-uenh-qgna-t7c4
10
vulnerability VCID-w6r9-g7sc-y3ed
11
vulnerability VCID-wncj-73h2-y3cw
12
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gjh-hhzw-jyda
1
vulnerability VCID-4qfb-8hen-qkc7
2
vulnerability VCID-63qx-1wuv-qufb
3
vulnerability VCID-641y-uckh-gfen
4
vulnerability VCID-kkn4-9xex-fyb7
5
vulnerability VCID-qbnn-jmjd-qqbx
6
vulnerability VCID-rxsj-32jz-wugq
7
vulnerability VCID-uenh-qgna-t7c4
8
vulnerability VCID-w6r9-g7sc-y3ed
9
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
2
url pkg:maven/io.undertow/undertow-core@2.0.5
purl pkg:maven/io.undertow/undertow-core@2.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5
aliases CVE-2018-1114, GHSA-gjjx-gqm4-wcgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zav-auak-8qbu
1
url VCID-xdmu-mgga-xuf2
vulnerability_id VCID-xdmu-mgga-xuf2
summary 
HTTP Response Splitting
Undertow is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1247
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1247
1
reference_url https://access.redhat.com/errata/RHSA-2018:1248
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1248
2
reference_url https://access.redhat.com/errata/RHSA-2018:1249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1249
3
reference_url https://access.redhat.com/errata/RHSA-2018:1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1251
4
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
5
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70581
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
9
reference_url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
10
reference_url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1550671
reference_id 1550671
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1550671
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
reference_id 900323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
reference_id CVE-2018-1067
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
14
reference_url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
reference_id GHSA-47mp-rq2x-wjf2
reference_type
scores
url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
15
reference_url https://access.redhat.com/errata/RHSA-2020:2562
reference_id RHSA-2020:2562
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2562
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-387y-knja-ukh8
1
vulnerability VCID-4gjh-hhzw-jyda
2
vulnerability VCID-4qfb-8hen-qkc7
3
vulnerability VCID-4zav-auak-8qbu
4
vulnerability VCID-63qx-1wuv-qufb
5
vulnerability VCID-641y-uckh-gfen
6
vulnerability VCID-kkn4-9xex-fyb7
7
vulnerability VCID-qbnn-jmjd-qqbx
8
vulnerability VCID-rxsj-32jz-wugq
9
vulnerability VCID-uenh-qgna-t7c4
10
vulnerability VCID-w6r9-g7sc-y3ed
11
vulnerability VCID-wncj-73h2-y3cw
12
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4gjh-hhzw-jyda
1
vulnerability VCID-4qfb-8hen-qkc7
2
vulnerability VCID-63qx-1wuv-qufb
3
vulnerability VCID-641y-uckh-gfen
4
vulnerability VCID-kkn4-9xex-fyb7
5
vulnerability VCID-qbnn-jmjd-qqbx
6
vulnerability VCID-rxsj-32jz-wugq
7
vulnerability VCID-uenh-qgna-t7c4
8
vulnerability VCID-w6r9-g7sc-y3ed
9
vulnerability VCID-zhjh-bx17-pkdc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
aliases CVE-2018-1067, GHSA-47mp-rq2x-wjf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdmu-mgga-xuf2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final