Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.undertow/undertow-core@2.1.0
Type maven
Namespace io.undertow
Name undertow-core
Version 2.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.3.20.Final
Latest_non_vulnerable_version 2.4.0.Beta1
Affected_by_vulnerabilities
0
url VCID-14ff-vn3t-vyhy
vulnerability_id VCID-14ff-vn3t-vyhy
summary
Undertow vulnerable to memory exhaustion due to buffer leak
Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3690
2
reference_url https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3690
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.51106
published_at 2026-04-01T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.51239
published_at 2026-04-16T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.512
published_at 2026-04-13T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51214
published_at 2026-04-12T12:55:00Z
4
value 0.00278
scoring_system epss
scoring_elements 0.51236
published_at 2026-04-11T12:55:00Z
5
value 0.00278
scoring_system epss
scoring_elements 0.51195
published_at 2026-04-08T12:55:00Z
6
value 0.00278
scoring_system epss
scoring_elements 0.51141
published_at 2026-04-07T12:55:00Z
7
value 0.00278
scoring_system epss
scoring_elements 0.51183
published_at 2026-04-04T12:55:00Z
8
value 0.00278
scoring_system epss
scoring_elements 0.51159
published_at 2026-04-02T12:55:00Z
9
value 0.00278
scoring_system epss
scoring_elements 0.51192
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3690
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1991299
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1991299
5
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
6
reference_url https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877
7
reference_url https://issues.redhat.com/browse/UNDERTOW-1935
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1935
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3690
9
reference_url https://www.mend.io/vulnerability-database/CVE-2021-3690
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mend.io/vulnerability-database/CVE-2021-3690
10
reference_url https://github.com/advisories/GHSA-fj7c-vg2v-ccrm
reference_id GHSA-fj7c-vg2v-ccrm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fj7c-vg2v-ccrm
11
reference_url https://access.redhat.com/errata/RHSA-2021:3216
reference_id RHSA-2021:3216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3216
12
reference_url https://access.redhat.com/errata/RHSA-2021:3217
reference_id RHSA-2021:3217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3217
13
reference_url https://access.redhat.com/errata/RHSA-2021:3218
reference_id RHSA-2021:3218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3218
14
reference_url https://access.redhat.com/errata/RHSA-2021:3219
reference_id RHSA-2021:3219
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3219
15
reference_url https://access.redhat.com/errata/RHSA-2021:3425
reference_id RHSA-2021:3425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3425
16
reference_url https://access.redhat.com/errata/RHSA-2021:3466
reference_id RHSA-2021:3466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3466
17
reference_url https://access.redhat.com/errata/RHSA-2021:3467
reference_id RHSA-2021:3467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3467
18
reference_url https://access.redhat.com/errata/RHSA-2021:3468
reference_id RHSA-2021:3468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3468
19
reference_url https://access.redhat.com/errata/RHSA-2021:3471
reference_id RHSA-2021:3471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3471
20
reference_url https://access.redhat.com/errata/RHSA-2021:3516
reference_id RHSA-2021:3516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3516
21
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
22
reference_url https://access.redhat.com/errata/RHSA-2021:3656
reference_id RHSA-2021:3656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3656
23
reference_url https://access.redhat.com/errata/RHSA-2021:3658
reference_id RHSA-2021:3658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3658
24
reference_url https://access.redhat.com/errata/RHSA-2021:3660
reference_id RHSA-2021:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3660
25
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
26
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
27
reference_url https://access.redhat.com/errata/RHSA-2022:1029
reference_id RHSA-2022:1029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1029
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.10
purl pkg:maven/io.undertow/undertow-core@2.2.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10
1
url pkg:maven/io.undertow/undertow-core@2.2.10.Final
purl pkg:maven/io.undertow/undertow-core@2.2.10.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vrj-chs2-d3ab
1
vulnerability VCID-2cv5-9v62-kfbm
2
vulnerability VCID-4v1f-kt5y-w7d1
3
vulnerability VCID-5585-a76n-zubf
4
vulnerability VCID-62gn-nwup-8uat
5
vulnerability VCID-7yc7-e35f-8uhj
6
vulnerability VCID-93ut-2de3-ckc5
7
vulnerability VCID-cf5j-2dz8-7bbu
8
vulnerability VCID-ns3p-22xg-q3bz
9
vulnerability VCID-usz2-tufg-k7gz
10
vulnerability VCID-xftw-raz7-b7e1
11
vulnerability VCID-xme8-usmd-vqg3
12
vulnerability VCID-yn69-8upm-7yc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10.Final
aliases CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-14ff-vn3t-vyhy
1
url VCID-beaj-uk9m-17be
vulnerability_id VCID-beaj-uk9m-17be
summary
Denial of service in Undertow
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-27782
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39924
published_at 2026-04-16T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39873
published_at 2026-04-13T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39893
published_at 2026-04-12T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.399
published_at 2026-04-02T12:55:00Z
4
value 0.00182
scoring_system epss
scoring_elements 0.39751
published_at 2026-04-01T12:55:00Z
5
value 0.00182
scoring_system epss
scoring_elements 0.39928
published_at 2026-04-11T12:55:00Z
6
value 0.00182
scoring_system epss
scoring_elements 0.39918
published_at 2026-04-09T12:55:00Z
7
value 0.00182
scoring_system epss
scoring_elements 0.39905
published_at 2026-04-08T12:55:00Z
8
value 0.00182
scoring_system epss
scoring_elements 0.3985
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-27782
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1901304
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1901304
3
reference_url https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90
4
reference_url https://issues.redhat.com/browse/UNDERTOW-1813
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1813
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-27782
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-27782
6
reference_url https://github.com/advisories/GHSA-rhcw-wjcm-9h6g
reference_id GHSA-rhcw-wjcm-9h6g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rhcw-wjcm-9h6g
7
reference_url https://access.redhat.com/errata/RHSA-2021:0246
reference_id RHSA-2021:0246
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0246
8
reference_url https://access.redhat.com/errata/RHSA-2021:0247
reference_id RHSA-2021:0247
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0247
9
reference_url https://access.redhat.com/errata/RHSA-2021:0248
reference_id RHSA-2021:0248
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0248
10
reference_url https://access.redhat.com/errata/RHSA-2021:0250
reference_id RHSA-2021:0250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0250
11
reference_url https://access.redhat.com/errata/RHSA-2021:0295
reference_id RHSA-2021:0295
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0295
12
reference_url https://access.redhat.com/errata/RHSA-2021:0327
reference_id RHSA-2021:0327
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0327
13
reference_url https://access.redhat.com/errata/RHSA-2021:3205
reference_id RHSA-2021:3205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3205
14
reference_url https://access.redhat.com/errata/RHSA-2021:3207
reference_id RHSA-2021:3207
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3207
15
reference_url https://access.redhat.com/errata/RHSA-2021:3425
reference_id RHSA-2021:3425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3425
16
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.5
purl pkg:maven/io.undertow/undertow-core@2.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-beaj-uk9m-17be
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.5
1
url pkg:maven/io.undertow/undertow-core@2.1.6.Final
purl pkg:maven/io.undertow/undertow-core@2.1.6.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14ff-vn3t-vyhy
1
vulnerability VCID-1vrj-chs2-d3ab
2
vulnerability VCID-2cv5-9v62-kfbm
3
vulnerability VCID-4v1f-kt5y-w7d1
4
vulnerability VCID-5585-a76n-zubf
5
vulnerability VCID-62gn-nwup-8uat
6
vulnerability VCID-73st-24ck-uydb
7
vulnerability VCID-7yc7-e35f-8uhj
8
vulnerability VCID-93ut-2de3-ckc5
9
vulnerability VCID-cf5j-2dz8-7bbu
10
vulnerability VCID-gsr8-1dea-effx
11
vulnerability VCID-ns3p-22xg-q3bz
12
vulnerability VCID-usz2-tufg-k7gz
13
vulnerability VCID-xftw-raz7-b7e1
14
vulnerability VCID-xme8-usmd-vqg3
15
vulnerability VCID-yn69-8upm-7yc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final
2
url pkg:maven/io.undertow/undertow-core@2.2.4.Final
purl pkg:maven/io.undertow/undertow-core@2.2.4.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14ff-vn3t-vyhy
1
vulnerability VCID-1vrj-chs2-d3ab
2
vulnerability VCID-2cv5-9v62-kfbm
3
vulnerability VCID-4v1f-kt5y-w7d1
4
vulnerability VCID-5585-a76n-zubf
5
vulnerability VCID-62gn-nwup-8uat
6
vulnerability VCID-7yc7-e35f-8uhj
7
vulnerability VCID-93ut-2de3-ckc5
8
vulnerability VCID-cf5j-2dz8-7bbu
9
vulnerability VCID-gsr8-1dea-effx
10
vulnerability VCID-ns3p-22xg-q3bz
11
vulnerability VCID-usz2-tufg-k7gz
12
vulnerability VCID-xftw-raz7-b7e1
13
vulnerability VCID-xme8-usmd-vqg3
14
vulnerability VCID-yn69-8upm-7yc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.4.Final
aliases CVE-2020-27782, GHSA-rhcw-wjcm-9h6g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-beaj-uk9m-17be
2
url VCID-bpuw-kn4r-6kau
vulnerability_id VCID-bpuw-kn4r-6kau
summary
HTTP request smuggling in Undertow
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39916
published_at 2026-04-16T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39866
published_at 2026-04-13T12:55:00Z
2
value 0.00182
scoring_system epss
scoring_elements 0.39886
published_at 2026-04-12T12:55:00Z
3
value 0.00182
scoring_system epss
scoring_elements 0.3992
published_at 2026-04-04T12:55:00Z
4
value 0.00182
scoring_system epss
scoring_elements 0.39892
published_at 2026-04-02T12:55:00Z
5
value 0.00182
scoring_system epss
scoring_elements 0.39843
published_at 2026-04-07T12:55:00Z
6
value 0.00182
scoring_system epss
scoring_elements 0.39921
published_at 2026-04-11T12:55:00Z
7
value 0.00182
scoring_system epss
scoring_elements 0.39911
published_at 2026-04-09T12:55:00Z
8
value 0.00182
scoring_system epss
scoring_elements 0.39744
published_at 2026-04-01T12:55:00Z
9
value 0.00182
scoring_system epss
scoring_elements 0.39898
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20220
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1923133
3
reference_url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20220
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0013
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0013
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0013/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0013/
7
reference_url https://github.com/advisories/GHSA-qjwc-v72v-fq6r
reference_id GHSA-qjwc-v72v-fq6r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjwc-v72v-fq6r
8
reference_url https://access.redhat.com/errata/RHSA-2021:0872
reference_id RHSA-2021:0872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0872
9
reference_url https://access.redhat.com/errata/RHSA-2021:0873
reference_id RHSA-2021:0873
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0873
10
reference_url https://access.redhat.com/errata/RHSA-2021:0874
reference_id RHSA-2021:0874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0874
11
reference_url https://access.redhat.com/errata/RHSA-2021:0885
reference_id RHSA-2021:0885
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0885
12
reference_url https://access.redhat.com/errata/RHSA-2021:0974
reference_id RHSA-2021:0974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0974
13
reference_url https://access.redhat.com/errata/RHSA-2021:2210
reference_id RHSA-2021:2210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2210
14
reference_url https://access.redhat.com/errata/RHSA-2021:2755
reference_id RHSA-2021:2755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2755
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.6
purl pkg:maven/io.undertow/undertow-core@2.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6
1
url pkg:maven/io.undertow/undertow-core@2.1.6.Final
purl pkg:maven/io.undertow/undertow-core@2.1.6.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14ff-vn3t-vyhy
1
vulnerability VCID-1vrj-chs2-d3ab
2
vulnerability VCID-2cv5-9v62-kfbm
3
vulnerability VCID-4v1f-kt5y-w7d1
4
vulnerability VCID-5585-a76n-zubf
5
vulnerability VCID-62gn-nwup-8uat
6
vulnerability VCID-73st-24ck-uydb
7
vulnerability VCID-7yc7-e35f-8uhj
8
vulnerability VCID-93ut-2de3-ckc5
9
vulnerability VCID-cf5j-2dz8-7bbu
10
vulnerability VCID-gsr8-1dea-effx
11
vulnerability VCID-ns3p-22xg-q3bz
12
vulnerability VCID-usz2-tufg-k7gz
13
vulnerability VCID-xftw-raz7-b7e1
14
vulnerability VCID-xme8-usmd-vqg3
15
vulnerability VCID-yn69-8upm-7yc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final
aliases CVE-2021-20220, GHSA-qjwc-v72v-fq6r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpuw-kn4r-6kau
3
url VCID-gsr8-1dea-effx
vulnerability_id VCID-gsr8-1dea-effx
summary
undertow Race Condition vulnerability
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3597
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.38201
published_at 2026-04-16T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38066
published_at 2026-04-01T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38246
published_at 2026-04-02T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38269
published_at 2026-04-04T12:55:00Z
4
value 0.00169
scoring_system epss
scoring_elements 0.38138
published_at 2026-04-07T12:55:00Z
5
value 0.00169
scoring_system epss
scoring_elements 0.38188
published_at 2026-04-08T12:55:00Z
6
value 0.00169
scoring_system epss
scoring_elements 0.38196
published_at 2026-04-09T12:55:00Z
7
value 0.00169
scoring_system epss
scoring_elements 0.38215
published_at 2026-04-11T12:55:00Z
8
value 0.00169
scoring_system epss
scoring_elements 0.38179
published_at 2026-04-12T12:55:00Z
9
value 0.00169
scoring_system epss
scoring_elements 0.38155
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3597
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1970930
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1970930
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3597
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3597
5
reference_url https://security.netapp.com/advisory/ntap-20220804-0003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220804-0003
6
reference_url https://security.netapp.com/advisory/ntap-20220804-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220804-0003/
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861
reference_id 989861
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861
8
reference_url https://github.com/advisories/GHSA-mfhv-gwf8-4m88
reference_id GHSA-mfhv-gwf8-4m88
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfhv-gwf8-4m88
9
reference_url https://access.redhat.com/errata/RHSA-2021:3466
reference_id RHSA-2021:3466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3466
10
reference_url https://access.redhat.com/errata/RHSA-2021:3467
reference_id RHSA-2021:3467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3467
11
reference_url https://access.redhat.com/errata/RHSA-2021:3468
reference_id RHSA-2021:3468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3468
12
reference_url https://access.redhat.com/errata/RHSA-2021:3471
reference_id RHSA-2021:3471
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3471
13
reference_url https://access.redhat.com/errata/RHSA-2021:3516
reference_id RHSA-2021:3516
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3516
14
reference_url https://access.redhat.com/errata/RHSA-2021:3534
reference_id RHSA-2021:3534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3534
15
reference_url https://access.redhat.com/errata/RHSA-2021:3656
reference_id RHSA-2021:3656
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3656
16
reference_url https://access.redhat.com/errata/RHSA-2021:3658
reference_id RHSA-2021:3658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3658
17
reference_url https://access.redhat.com/errata/RHSA-2021:3660
reference_id RHSA-2021:3660
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3660
18
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
19
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.9.Final
purl pkg:maven/io.undertow/undertow-core@2.2.9.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-14ff-vn3t-vyhy
1
vulnerability VCID-1vrj-chs2-d3ab
2
vulnerability VCID-2cv5-9v62-kfbm
3
vulnerability VCID-4v1f-kt5y-w7d1
4
vulnerability VCID-5585-a76n-zubf
5
vulnerability VCID-62gn-nwup-8uat
6
vulnerability VCID-7yc7-e35f-8uhj
7
vulnerability VCID-93ut-2de3-ckc5
8
vulnerability VCID-cf5j-2dz8-7bbu
9
vulnerability VCID-ns3p-22xg-q3bz
10
vulnerability VCID-usz2-tufg-k7gz
11
vulnerability VCID-xftw-raz7-b7e1
12
vulnerability VCID-xme8-usmd-vqg3
13
vulnerability VCID-yn69-8upm-7yc2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.9.Final
aliases CVE-2021-3597, GHSA-mfhv-gwf8-4m88
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsr8-1dea-effx
4
url VCID-yn69-8upm-7yc2
vulnerability_id VCID-yn69-8upm-7yc2
summary
Undertow Uncontrolled Resource Consumption
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3629
reference_id
reference_type
scores
0
value 0.00293
scoring_system epss
scoring_elements 0.5271
published_at 2026-04-16T12:55:00Z
1
value 0.00293
scoring_system epss
scoring_elements 0.52571
published_at 2026-04-01T12:55:00Z
2
value 0.00293
scoring_system epss
scoring_elements 0.52615
published_at 2026-04-02T12:55:00Z
3
value 0.00293
scoring_system epss
scoring_elements 0.52641
published_at 2026-04-04T12:55:00Z
4
value 0.00293
scoring_system epss
scoring_elements 0.52607
published_at 2026-04-07T12:55:00Z
5
value 0.00293
scoring_system epss
scoring_elements 0.52658
published_at 2026-04-08T12:55:00Z
6
value 0.00293
scoring_system epss
scoring_elements 0.52653
published_at 2026-04-09T12:55:00Z
7
value 0.00293
scoring_system epss
scoring_elements 0.52704
published_at 2026-04-11T12:55:00Z
8
value 0.00293
scoring_system epss
scoring_elements 0.52687
published_at 2026-04-12T12:55:00Z
9
value 0.00293
scoring_system epss
scoring_elements 0.52671
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3629
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1977362
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1977362
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3629
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3629
5
reference_url https://security.netapp.com/advisory/ntap-20220729-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220729-0008
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
reference_id 1016448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
7
reference_url https://github.com/advisories/GHSA-rf6q-vx79-mjxr
reference_id GHSA-rf6q-vx79-mjxr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rf6q-vx79-mjxr
8
reference_url https://access.redhat.com/errata/RHSA-2021:4676
reference_id RHSA-2021:4676
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4676
9
reference_url https://access.redhat.com/errata/RHSA-2021:4677
reference_id RHSA-2021:4677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4677
10
reference_url https://access.redhat.com/errata/RHSA-2021:4679
reference_id RHSA-2021:4679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4679
11
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
12
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
13
reference_url https://access.redhat.com/errata/RHSA-2021:5149
reference_id RHSA-2021:5149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5149
14
reference_url https://access.redhat.com/errata/RHSA-2021:5150
reference_id RHSA-2021:5150
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5150
15
reference_url https://access.redhat.com/errata/RHSA-2021:5151
reference_id RHSA-2021:5151
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5151
16
reference_url https://access.redhat.com/errata/RHSA-2021:5154
reference_id RHSA-2021:5154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5154
17
reference_url https://access.redhat.com/errata/RHSA-2021:5170
reference_id RHSA-2021:5170
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5170
18
reference_url https://access.redhat.com/errata/RHSA-2022:0146
reference_id RHSA-2022:0146
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0146
19
reference_url https://access.redhat.com/errata/RHSA-2022:1179
reference_id RHSA-2022:1179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1179
20
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
21
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.2.11.Final
purl pkg:maven/io.undertow/undertow-core@2.2.11.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vrj-chs2-d3ab
1
vulnerability VCID-2cv5-9v62-kfbm
2
vulnerability VCID-4v1f-kt5y-w7d1
3
vulnerability VCID-5585-a76n-zubf
4
vulnerability VCID-62gn-nwup-8uat
5
vulnerability VCID-7yc7-e35f-8uhj
6
vulnerability VCID-93ut-2de3-ckc5
7
vulnerability VCID-cf5j-2dz8-7bbu
8
vulnerability VCID-ns3p-22xg-q3bz
9
vulnerability VCID-usz2-tufg-k7gz
10
vulnerability VCID-xftw-raz7-b7e1
11
vulnerability VCID-xme8-usmd-vqg3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.11.Final
aliases CVE-2021-3629, GHSA-rf6q-vx79-mjxr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yn69-8upm-7yc2
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0