Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.undertow/undertow-core@2.3.0
Typemaven
Namespaceio.undertow
Nameundertow-core
Version2.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.20.Final
Latest_non_vulnerable_version2.4.0.Beta1
Affected_by_vulnerabilities
0
url VCID-4v1f-kt5y-w7d1
vulnerability_id VCID-4v1f-kt5y-w7d1
summary Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2764
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57338
published_at 2026-04-04T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57314
published_at 2026-04-07T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57366
published_at 2026-04-08T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57368
published_at 2026-04-16T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.57383
published_at 2026-04-11T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57363
published_at 2026-04-18T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.57342
published_at 2026-04-21T12:55:00Z
7
value 0.00521
scoring_system epss
scoring_elements 0.66803
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2764
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2117506
reference_id 2117506
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2117506
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2764
reference_id CVE-2022-2764
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-2764
4
reference_url https://access.redhat.com/errata/RHSA-2022:8790
reference_id RHSA-2022:8790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8790
5
reference_url https://access.redhat.com/errata/RHSA-2022:8791
reference_id RHSA-2022:8791
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8791
6
reference_url https://access.redhat.com/errata/RHSA-2022:8792
reference_id RHSA-2022:8792
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8792
7
reference_url https://access.redhat.com/errata/RHSA-2022:8793
reference_id RHSA-2022:8793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8793
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.3.1.Final
purl pkg:maven/io.undertow/undertow-core@2.3.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vrj-chs2-d3ab
1
vulnerability VCID-2cv5-9v62-kfbm
2
vulnerability VCID-5585-a76n-zubf
3
vulnerability VCID-ns3p-22xg-q3bz
4
vulnerability VCID-usz2-tufg-k7gz
5
vulnerability VCID-xme8-usmd-vqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final
aliases CVE-2022-2764
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4v1f-kt5y-w7d1
1
url VCID-93ut-2de3-ckc5
vulnerability_id VCID-93ut-2de3-ckc5
summary undertow: Double AJP response for 400 from EAP 7 results in CPING failures
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1319
reference_id
reference_type
scores
0
value 0.01193
scoring_system epss
scoring_elements 0.78805
published_at 2026-04-01T12:55:00Z
1
value 0.01193
scoring_system epss
scoring_elements 0.78812
published_at 2026-04-02T12:55:00Z
2
value 0.01193
scoring_system epss
scoring_elements 0.78841
published_at 2026-04-04T12:55:00Z
3
value 0.01193
scoring_system epss
scoring_elements 0.78825
published_at 2026-04-07T12:55:00Z
4
value 0.01193
scoring_system epss
scoring_elements 0.7885
published_at 2026-04-08T12:55:00Z
5
value 0.01193
scoring_system epss
scoring_elements 0.78856
published_at 2026-04-09T12:55:00Z
6
value 0.01193
scoring_system epss
scoring_elements 0.78879
published_at 2026-04-18T12:55:00Z
7
value 0.01193
scoring_system epss
scoring_elements 0.78862
published_at 2026-04-12T12:55:00Z
8
value 0.01193
scoring_system epss
scoring_elements 0.78853
published_at 2026-04-13T12:55:00Z
9
value 0.01193
scoring_system epss
scoring_elements 0.78881
published_at 2026-04-16T12:55:00Z
10
value 0.01193
scoring_system epss
scoring_elements 0.78875
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1319
2
reference_url https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b
3
reference_url https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3
4
reference_url https://issues.redhat.com/browse/UNDERTOW-2060
reference_id
reference_type
scores
url https://issues.redhat.com/browse/UNDERTOW-2060
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id 1016448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2073890
reference_id 2073890
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2073890
7
reference_url https://access.redhat.com/security/cve/CVE-2022-1319
reference_id CVE-2022-1319
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2022-1319
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1319
reference_id CVE-2022-1319
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1319
9
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
10
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
11
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
12
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
13
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
14
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
15
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
16
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
17
reference_url https://access.redhat.com/errata/RHSA-2022:8761
reference_id RHSA-2022:8761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8761
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.3.1.Final
purl pkg:maven/io.undertow/undertow-core@2.3.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vrj-chs2-d3ab
1
vulnerability VCID-2cv5-9v62-kfbm
2
vulnerability VCID-5585-a76n-zubf
3
vulnerability VCID-ns3p-22xg-q3bz
4
vulnerability VCID-usz2-tufg-k7gz
5
vulnerability VCID-xme8-usmd-vqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final
aliases CVE-2022-1319
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93ut-2de3-ckc5
2
url VCID-jz3d-vvfb-jfbw
vulnerability_id VCID-jz3d-vvfb-jfbw
summary 
Undertow client not checking server identity presented by server certificate in https connections
The undertow client is not checking the server identity presented by the server certificate in https connections. This should be performed by default in https and in http/2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4492.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4492
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.36274
published_at 2026-04-11T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36188
published_at 2026-04-21T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.3624
published_at 2026-04-18T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.36256
published_at 2026-04-16T12:55:00Z
4
value 0.00155
scoring_system epss
scoring_elements 0.36213
published_at 2026-04-13T12:55:00Z
5
value 0.00155
scoring_system epss
scoring_elements 0.36333
published_at 2026-04-02T12:55:00Z
6
value 0.00155
scoring_system epss
scoring_elements 0.36237
published_at 2026-04-12T12:55:00Z
7
value 0.00155
scoring_system epss
scoring_elements 0.36366
published_at 2026-04-04T12:55:00Z
8
value 0.00155
scoring_system epss
scoring_elements 0.36201
published_at 2026-04-07T12:55:00Z
9
value 0.00155
scoring_system epss
scoring_elements 0.36251
published_at 2026-04-08T12:55:00Z
10
value 0.00155
scoring_system epss
scoring_elements 0.36269
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4492
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153260
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2153260
3
reference_url https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/security/impl/ClientCertAuthenticationMechanism.java
4
reference_url https://github.com/undertow-io/undertow/pull/1447
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1447
5
reference_url https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1447/commits/e5071e52b72529a14d3ec436ae7102cea5d918c4
6
reference_url https://github.com/undertow-io/undertow/pull/1457
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457
7
reference_url https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457/commits/a4d3b167126a803cc4f7fb740dd9a6ecabf59342
8
reference_url https://issues.redhat.com/browse/MTA-93
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/MTA-93
9
reference_url https://issues.redhat.com/browse/UNDERTOW-2212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2212
10
reference_url https://security.netapp.com/advisory/ntap-20230324-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230324-0002
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032087
reference_id 1032087
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032087
12
reference_url https://access.redhat.com/security/cve/CVE-2022-4492
reference_id CVE-2022-4492
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://access.redhat.com/security/cve/CVE-2022-4492
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4492
reference_id CVE-2022-4492
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4492
14
reference_url https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
reference_id GHSA-pfcc-3g6r-8rg8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfcc-3g6r-8rg8
15
reference_url https://security.netapp.com/advisory/ntap-20230324-0002/
reference_id ntap-20230324-0002
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:33:53Z/
url https://security.netapp.com/advisory/ntap-20230324-0002/
16
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
17
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
18
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
19
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
20
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
21
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
22
reference_url https://access.redhat.com/errata/RHSA-2023:3813
reference_id RHSA-2023:3813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3813
23
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
24
reference_url https://access.redhat.com/errata/RHSA-2023:4983
reference_id RHSA-2023:4983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4983
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.3.5.Final
purl pkg:maven/io.undertow/undertow-core@2.3.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vrj-chs2-d3ab
1
vulnerability VCID-2cv5-9v62-kfbm
2
vulnerability VCID-5585-a76n-zubf
3
vulnerability VCID-ns3p-22xg-q3bz
4
vulnerability VCID-xme8-usmd-vqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.5.Final
aliases CVE-2022-4492, GHSA-pfcc-3g6r-8rg8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jz3d-vvfb-jfbw
3
url VCID-usz2-tufg-k7gz
vulnerability_id VCID-usz2-tufg-k7gz
summary 
Undertow denial of service vulnerability
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:1184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1184
1
reference_url https://access.redhat.com/errata/RHSA-2023:1185
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1185
2
reference_url https://access.redhat.com/errata/RHSA-2023:1512
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1512
3
reference_url https://access.redhat.com/errata/RHSA-2023:1513
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1513
4
reference_url https://access.redhat.com/errata/RHSA-2023:1514
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1514
5
reference_url https://access.redhat.com/errata/RHSA-2023:1516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:1516
6
reference_url https://access.redhat.com/errata/RHSA-2023:2135
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:2135
7
reference_url https://access.redhat.com/errata/RHSA-2023:3883
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3883
8
reference_url https://access.redhat.com/errata/RHSA-2023:3884
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3884
9
reference_url https://access.redhat.com/errata/RHSA-2023:3885
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3885
10
reference_url https://access.redhat.com/errata/RHSA-2023:3888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3888
11
reference_url https://access.redhat.com/errata/RHSA-2023:3892
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3892
12
reference_url https://access.redhat.com/errata/RHSA-2023:3954
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:3954
13
reference_url https://access.redhat.com/errata/RHSA-2023:4612
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/errata/RHSA-2023:4612
14
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json
15
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1108
reference_id
reference_type
scores
0
value 0.00567
scoring_system epss
scoring_elements 0.68533
published_at 2026-04-21T12:55:00Z
1
value 0.00567
scoring_system epss
scoring_elements 0.68457
published_at 2026-04-02T12:55:00Z
2
value 0.00567
scoring_system epss
scoring_elements 0.68476
published_at 2026-04-04T12:55:00Z
3
value 0.00567
scoring_system epss
scoring_elements 0.68452
published_at 2026-04-07T12:55:00Z
4
value 0.00567
scoring_system epss
scoring_elements 0.68503
published_at 2026-04-08T12:55:00Z
5
value 0.00567
scoring_system epss
scoring_elements 0.6852
published_at 2026-04-09T12:55:00Z
6
value 0.00567
scoring_system epss
scoring_elements 0.68546
published_at 2026-04-11T12:55:00Z
7
value 0.00567
scoring_system epss
scoring_elements 0.68534
published_at 2026-04-12T12:55:00Z
8
value 0.00567
scoring_system epss
scoring_elements 0.68502
published_at 2026-04-13T12:55:00Z
9
value 0.00567
scoring_system epss
scoring_elements 0.68542
published_at 2026-04-16T12:55:00Z
10
value 0.00567
scoring_system epss
scoring_elements 0.68555
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1108
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2174246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2174246
17
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
18
reference_url https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78
19
reference_url https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be
20
reference_url https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d
21
reference_url https://github.com/undertow-io/undertow/pull/1457
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1457
22
reference_url https://security.netapp.com/advisory/ntap-20231020-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231020-0002
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253
reference_id 1033253
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
reference_id cpe:/a:redhat:camel_quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
reference_id cpe:/a:redhat:integration:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
reference_id cpe:/a:redhat:jboss_data_grid:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
reference_id cpe:/a:redhat:jboss_data_grid:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_id cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
reference_id cpe:/a:redhat:jboss_fuse:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
reference_id cpe:/a:redhat:jboss_fuse:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
reference_id cpe:/a:redhat:openshift_application_runtimes:1.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
reference_id cpe:/a:redhat:openstack:13
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id cpe:/a:redhat:quarkus:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6.4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_id cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
reference_id cpe:/a:redhat:rhosemc:1.0::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
reference_id cpe:/a:redhat:service_registry:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2
45
reference_url https://access.redhat.com/security/cve/CVE-2023-1108
reference_id CVE-2023-1108
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://access.redhat.com/security/cve/CVE-2023-1108
46
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1108
reference_id CVE-2023-1108
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1108
47
reference_url https://github.com/advisories/GHSA-m4mm-pg93-fv78
reference_id GHSA-m4mm-pg93-fv78
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://github.com/advisories/GHSA-m4mm-pg93-fv78
48
reference_url https://security.netapp.com/advisory/ntap-20231020-0002/
reference_id ntap-20231020-0002
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/
url https://security.netapp.com/advisory/ntap-20231020-0002/
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.3.5.Final
purl pkg:maven/io.undertow/undertow-core@2.3.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vrj-chs2-d3ab
1
vulnerability VCID-2cv5-9v62-kfbm
2
vulnerability VCID-5585-a76n-zubf
3
vulnerability VCID-ns3p-22xg-q3bz
4
vulnerability VCID-xme8-usmd-vqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.5.Final
aliases CVE-2023-1108, GHSA-m4mm-pg93-fv78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-usz2-tufg-k7gz
4
url VCID-xftw-raz7-b7e1
vulnerability_id VCID-xftw-raz7-b7e1
summary 
Undertow vulnerable to Dos via Large AJP request
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2053
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.53771
published_at 2026-04-21T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.53788
published_at 2026-04-18T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.53784
published_at 2026-04-16T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.53747
published_at 2026-04-13T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.53763
published_at 2026-04-12T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.53681
published_at 2026-04-07T12:55:00Z
6
value 0.00305
scoring_system epss
scoring_elements 0.53682
published_at 2026-04-02T12:55:00Z
7
value 0.00305
scoring_system epss
scoring_elements 0.53709
published_at 2026-04-04T12:55:00Z
8
value 0.00305
scoring_system epss
scoring_elements 0.5378
published_at 2026-04-11T12:55:00Z
9
value 0.00305
scoring_system epss
scoring_elements 0.53731
published_at 2026-04-09T12:55:00Z
10
value 0.00305
scoring_system epss
scoring_elements 0.53733
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2053
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://github.com/undertow-io/undertow/pull/1350
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/1350
5
reference_url https://issues.redhat.com/browse/UNDERTOW-2133
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-2133
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2053
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2053
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2095862
reference_id 2095862
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2095862
8
reference_url https://github.com/advisories/GHSA-95rf-557x-44g5
reference_id GHSA-95rf-557x-44g5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-95rf-557x-44g5
9
reference_url https://access.redhat.com/errata/RHSA-2022:6821
reference_id RHSA-2022:6821
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6821
10
reference_url https://access.redhat.com/errata/RHSA-2022:6822
reference_id RHSA-2022:6822
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6822
11
reference_url https://access.redhat.com/errata/RHSA-2022:6823
reference_id RHSA-2022:6823
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6823
12
reference_url https://access.redhat.com/errata/RHSA-2022:6825
reference_id RHSA-2022:6825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6825
13
reference_url https://access.redhat.com/errata/RHSA-2022:8652
reference_id RHSA-2022:8652
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8652
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.3.1.Final
purl pkg:maven/io.undertow/undertow-core@2.3.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vrj-chs2-d3ab
1
vulnerability VCID-2cv5-9v62-kfbm
2
vulnerability VCID-5585-a76n-zubf
3
vulnerability VCID-ns3p-22xg-q3bz
4
vulnerability VCID-usz2-tufg-k7gz
5
vulnerability VCID-xme8-usmd-vqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final
aliases CVE-2022-2053, GHSA-95rf-557x-44g5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xftw-raz7-b7e1
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.0