Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.undertow/undertow-core@1.0.0.Beta3
Typemaven
Namespaceio.undertow
Nameundertow-core
Version1.0.0.Beta3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.9.Final
Latest_non_vulnerable_version2.4.0.Beta1
Affected_by_vulnerabilities
0
url VCID-2nyw-aps1-s3ft
vulnerability_id VCID-2nyw-aps1-s3ft
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
reference_id
reference_type
scores
0
value 0.00636
scoring_system epss
scoring_elements 0.70754
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1745
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745
2
reference_url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1745
4
reference_url https://www.cnvd.org.cn/webinfo/show/5415
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cnvd.org.cn/webinfo/show/5415
5
reference_url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.30
purl pkg:maven/io.undertow/undertow-core@2.0.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30
1
url pkg:maven/io.undertow/undertow-core@2.0.30.Final
purl pkg:maven/io.undertow/undertow-core@2.0.30.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9cfx-e4jz-h7c1
1
vulnerability VCID-tbh6-rhwv-wfcm
2
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final
aliases CVE-2020-1745, GHSA-gv2w-88hx-8m9r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nyw-aps1-s3ft
1
url VCID-7afz-fgkz-f3fd
vulnerability_id VCID-7afz-fgkz-f3fd
summary 
Information Exposure
An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0362
1
reference_url https://access.redhat.com/errata/RHSA-2019:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0364
2
reference_url https://access.redhat.com/errata/RHSA-2019:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0365
3
reference_url https://access.redhat.com/errata/RHSA-2019:0380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0380
4
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1106
5
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1107
6
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1108
7
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72506
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
reference_id 911796
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
reference_id CVE-2018-14642
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
12
reference_url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
reference_id GHSA-vf6r-mmhc-3xcm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.15.Final
purl pkg:maven/io.undertow/undertow-core@2.0.15.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-9cfx-e4jz-h7c1
2
vulnerability VCID-d135-ye4c-57ec
3
vulnerability VCID-ehrd-7nff-ryh9
4
vulnerability VCID-tbh6-rhwv-wfcm
5
vulnerability VCID-ww1g-jbj2-2ubu
6
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.15
purl pkg:maven/io.undertow/undertow-core@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15
2
url pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
purl pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
aliases CVE-2018-14642, GHSA-vf6r-mmhc-3xcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7afz-fgkz-f3fd
2
url VCID-8tag-j15y-s3bv
vulnerability_id VCID-8tag-j15y-s3bv
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.72482
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
4
reference_url https://bugs.openjdk.java.net/browse/JDK-6956385
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.openjdk.java.net/browse/JDK-6956385
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
6
reference_url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
7
reference_url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
8
reference_url https://issues.jboss.org/browse/UNDERTOW-1338
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1338
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
reference_id 897247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
reference_id CVE-2018-1114
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
11
reference_url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
reference_id GHSA-gjjx-gqm4-wcgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-9cfx-e4jz-h7c1
4
vulnerability VCID-ctw5-1q7n-b7bk
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-tbh6-rhwv-wfcm
8
vulnerability VCID-ug8z-4ece-hfdw
9
vulnerability VCID-ww1g-jbj2-2ubu
10
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5
purl pkg:maven/io.undertow/undertow-core@2.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5
2
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-9cfx-e4jz-h7c1
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-tbh6-rhwv-wfcm
6
vulnerability VCID-ww1g-jbj2-2ubu
7
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
aliases CVE-2018-1114, GHSA-gjjx-gqm4-wcgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tag-j15y-s3bv
3
url VCID-91gu-393b-qfhn
vulnerability_id VCID-91gu-393b-qfhn
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
1
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
2
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
3
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
4
reference_url https://access.redhat.com/errata/RHSA-2018:1525
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1525
5
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2405
6
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
reference_id
reference_type
scores
0
value 0.00531
scoring_system epss
scoring_elements 0.67564
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
9
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
10
reference_url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
11
reference_url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
12
reference_url https://issues.jboss.org/browse/UNDERTOW-1190
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1190
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
reference_id CVE-2017-12196
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
14
reference_url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
reference_id GHSA-cp7v-vmv7-6x2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.19.Final
purl pkg:maven/io.undertow/undertow-core@1.4.19.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-9cfx-e4jz-h7c1
4
vulnerability VCID-ctw5-1q7n-b7bk
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-s4zw-6yd3-qfb7
8
vulnerability VCID-tbh6-rhwv-wfcm
9
vulnerability VCID-ug8z-4ece-hfdw
10
vulnerability VCID-ww1g-jbj2-2ubu
11
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.19.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.24.Final
purl pkg:maven/io.undertow/undertow-core@1.4.24.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-9cfx-e4jz-h7c1
5
vulnerability VCID-ctw5-1q7n-b7bk
6
vulnerability VCID-d135-ye4c-57ec
7
vulnerability VCID-ehrd-7nff-ryh9
8
vulnerability VCID-s4zw-6yd3-qfb7
9
vulnerability VCID-tbh6-rhwv-wfcm
10
vulnerability VCID-ug8z-4ece-hfdw
11
vulnerability VCID-ww1g-jbj2-2ubu
12
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.24.Final
2
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-9cfx-e4jz-h7c1
4
vulnerability VCID-ctw5-1q7n-b7bk
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-tbh6-rhwv-wfcm
8
vulnerability VCID-ug8z-4ece-hfdw
9
vulnerability VCID-ww1g-jbj2-2ubu
10
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
3
url pkg:maven/io.undertow/undertow-core@2.0.2.FInal
purl pkg:maven/io.undertow/undertow-core@2.0.2.FInal
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.2.FInal
4
url pkg:maven/io.undertow/undertow-core@2.0.3.Final
purl pkg:maven/io.undertow/undertow-core@2.0.3.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-9cfx-e4jz-h7c1
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-s4zw-6yd3-qfb7
7
vulnerability VCID-tbh6-rhwv-wfcm
8
vulnerability VCID-ww1g-jbj2-2ubu
9
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final
aliases CVE-2017-12196, GHSA-cp7v-vmv7-6x2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91gu-393b-qfhn
4
url VCID-9cfx-e4jz-h7c1
vulnerability_id VCID-9cfx-e4jz-h7c1
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64614
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1757
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1757
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.0.Final
purl pkg:maven/io.undertow/undertow-core@2.1.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ctza-pmb9-zybt
1
vulnerability VCID-tbh6-rhwv-wfcm
2
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final
1
url pkg:maven/io.undertow/undertow-core@2.1.0
purl pkg:maven/io.undertow/undertow-core@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b3a-8rvb-ckfv
1
vulnerability VCID-gncz-crbm-fqfn
2
vulnerability VCID-jrdf-tcdd-nkf4
3
vulnerability VCID-tpf6-c7pv-sqds
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0
aliases CVE-2020-1757, GHSA-2w73-fqqj-c92p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9cfx-e4jz-h7c1
5
url VCID-d135-ye4c-57ec
vulnerability_id VCID-d135-ye4c-57ec
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
1
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.63834
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0017
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0017/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0017/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
reference_id CVE-2019-10212
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
7
reference_url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
reference_id GHSA-8vh8-vc28-m2hf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.20.Final
purl pkg:maven/io.undertow/undertow-core@2.0.20.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-9cfx-e4jz-h7c1
2
vulnerability VCID-ehrd-7nff-ryh9
3
vulnerability VCID-tbh6-rhwv-wfcm
4
vulnerability VCID-ww1g-jbj2-2ubu
5
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.20
purl pkg:maven/io.undertow/undertow-core@2.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20
aliases CVE-2019-10212, GHSA-8vh8-vc28-m2hf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d135-ye4c-57ec
6
url VCID-ehrd-7nff-ryh9
vulnerability_id VCID-ehrd-7nff-ryh9
summary 
Information Exposure
An information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2439
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2439
1
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
2
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68417
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0019
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0019
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0019/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0019/
7
reference_url http://www.securityfocus.com/bid/108739
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108739
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id 930349
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
reference_id CVE-2019-3888
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
10
reference_url https://github.com/advisories/GHSA-jwgx-9mmh-684w
reference_id GHSA-jwgx-9mmh-684w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwgx-9mmh-684w
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.21
purl pkg:maven/io.undertow/undertow-core@2.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21
1
url pkg:maven/io.undertow/undertow-core@2.0.21.Final
purl pkg:maven/io.undertow/undertow-core@2.0.21.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-9cfx-e4jz-h7c1
2
vulnerability VCID-tbh6-rhwv-wfcm
3
vulnerability VCID-ww1g-jbj2-2ubu
4
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final
aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehrd-7nff-ryh9
7
url VCID-fnhp-xcc6-7ygg
vulnerability_id VCID-fnhp-xcc6-7ygg
summary 
Information disclosure via directory traversal
Directory traversal vulnerability in this package when running on Windows, allows remote attackers to read arbitrary files via a `..` in a resource URI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7816
reference_id
reference_type
scores
0
value 0.55155
scoring_system epss
scoring_elements 0.98099
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7816
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1157478
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1157478
2
reference_url http://seclists.org/oss-sec/2014/q4/830
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2014/q4/830
3
reference_url https://issues.jboss.org/browse/UNDERTOW-338
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-338
4
reference_url https://issues.jboss.org/browse/WFLY-4020
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/WFLY-4020
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7816
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7816
6
reference_url http://www.securityfocus.com/bid/71328
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/71328
7
reference_url https://bugzilla.redhat.com/CVE-2014-7816
reference_id CVE-2014-7816
reference_type
scores
url https://bugzilla.redhat.com/CVE-2014-7816
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.0.17
purl pkg:maven/io.undertow/undertow-core@1.0.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.0.17
1
url pkg:maven/io.undertow/undertow-core@1.0.17.Final
purl pkg:maven/io.undertow/undertow-core@1.0.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-9cfx-e4jz-h7c1
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-fx5j-2na1-hfcu
8
vulnerability VCID-nftp-q5a9-eqdn
9
vulnerability VCID-s4zw-6yd3-qfb7
10
vulnerability VCID-tbh6-rhwv-wfcm
11
vulnerability VCID-ug8z-4ece-hfdw
12
vulnerability VCID-ww1g-jbj2-2ubu
13
vulnerability VCID-xb2n-a5w7-g7cx
14
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.0.17.Final
2
url pkg:maven/io.undertow/undertow-core@1.1.0.CR5
purl pkg:maven/io.undertow/undertow-core@1.1.0.CR5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-9cfx-e4jz-h7c1
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-fx5j-2na1-hfcu
8
vulnerability VCID-nftp-q5a9-eqdn
9
vulnerability VCID-s4zw-6yd3-qfb7
10
vulnerability VCID-tbh6-rhwv-wfcm
11
vulnerability VCID-ug8z-4ece-hfdw
12
vulnerability VCID-ww1g-jbj2-2ubu
13
vulnerability VCID-xb2n-a5w7-g7cx
14
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.1.0.CR5
3
url pkg:maven/io.undertow/undertow-core@1.2.0.Beta3
purl pkg:maven/io.undertow/undertow-core@1.2.0.Beta3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-9cfx-e4jz-h7c1
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-fx5j-2na1-hfcu
8
vulnerability VCID-nftp-q5a9-eqdn
9
vulnerability VCID-s4zw-6yd3-qfb7
10
vulnerability VCID-tbh6-rhwv-wfcm
11
vulnerability VCID-ug8z-4ece-hfdw
12
vulnerability VCID-ww1g-jbj2-2ubu
13
vulnerability VCID-xb2n-a5w7-g7cx
14
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.2.0.Beta3
aliases CVE-2014-7816, GHSA-h6p6-fc4w-cqhx
risk_score 0.2
exploitability 0.5
weighted_severity 0.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fnhp-xcc6-7ygg
8
url VCID-nftp-q5a9-eqdn
vulnerability_id VCID-nftp-q5a9-eqdn
summary
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
reference_id
reference_type
scores
0
value 0.05972
scoring_system epss
scoring_elements 0.90805
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
3
reference_url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
4
reference_url http://www.securityfocus.com/bid/98965
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98965
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
reference_id CVE-2017-2670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
7
reference_url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
reference_id GHSA-3x7h-5hfr-hvjm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.28
purl pkg:maven/io.undertow/undertow-core@1.3.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28
1
url pkg:maven/io.undertow/undertow-core@1.3.28.Final
purl pkg:maven/io.undertow/undertow-core@1.3.28.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8mnx-8nvz-tyda
3
vulnerability VCID-8tag-j15y-s3bv
4
vulnerability VCID-91gu-393b-qfhn
5
vulnerability VCID-9cfx-e4jz-h7c1
6
vulnerability VCID-d135-ye4c-57ec
7
vulnerability VCID-ehrd-7nff-ryh9
8
vulnerability VCID-fx5j-2na1-hfcu
9
vulnerability VCID-s4zw-6yd3-qfb7
10
vulnerability VCID-tbh6-rhwv-wfcm
11
vulnerability VCID-ug8z-4ece-hfdw
12
vulnerability VCID-ww1g-jbj2-2ubu
13
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final
aliases CVE-2017-2670, GHSA-3x7h-5hfr-hvjm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nftp-q5a9-eqdn
9
url VCID-s4zw-6yd3-qfb7
vulnerability_id VCID-s4zw-6yd3-qfb7
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1247
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1247
1
reference_url https://access.redhat.com/errata/RHSA-2018:1248
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1248
2
reference_url https://access.redhat.com/errata/RHSA-2018:1249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1249
3
reference_url https://access.redhat.com/errata/RHSA-2018:1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1251
4
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
5
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70534
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
8
reference_url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
9
reference_url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
reference_id 900323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
reference_id CVE-2018-1067
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
12
reference_url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
reference_id GHSA-47mp-rq2x-wjf2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-9cfx-e4jz-h7c1
4
vulnerability VCID-ctw5-1q7n-b7bk
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-tbh6-rhwv-wfcm
8
vulnerability VCID-ug8z-4ece-hfdw
9
vulnerability VCID-ww1g-jbj2-2ubu
10
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-9cfx-e4jz-h7c1
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-tbh6-rhwv-wfcm
6
vulnerability VCID-ww1g-jbj2-2ubu
7
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
aliases CVE-2018-1067, GHSA-47mp-rq2x-wjf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4zw-6yd3-qfb7
10
url VCID-tbh6-rhwv-wfcm
vulnerability_id VCID-tbh6-rhwv-wfcm
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53517
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10705
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1803241
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10705
3
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0014/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0014/
5
reference_url https://github.com/advisories/GHSA-g4cp-h53p-v3v8
reference_id GHSA-g4cp-h53p-v3v8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4cp-h53p-v3v8
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.1.Final
purl pkg:maven/io.undertow/undertow-core@2.1.1.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final
aliases CVE-2020-10705, GHSA-g4cp-h53p-v3v8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbh6-rhwv-wfcm
11
url VCID-ug8z-4ece-hfdw
vulnerability_id VCID-ug8z-4ece-hfdw
summary 
Path Traversal
The AJP connector in undertow does not use the `ALLOW_ENCODED_SLASH` option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
1
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
2
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
3
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66724
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
6
reference_url https://cwe.mitre.org/data/definitions/22.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/22.html
7
reference_url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
reference_id 891928
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
reference_id CVE-2018-1048
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
10
reference_url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
reference_id GHSA-prfw-3qx6-g9xr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-7afz-fgkz-f3fd
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-9cfx-e4jz-h7c1
4
vulnerability VCID-ctw5-1q7n-b7bk
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-tbh6-rhwv-wfcm
8
vulnerability VCID-ww1g-jbj2-2ubu
9
vulnerability VCID-xb2n-a5w7-g7cx
10
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
aliases CVE-2018-1048, GHSA-prfw-3qx6-g9xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ug8z-4ece-hfdw
12
url VCID-ww1g-jbj2-2ubu
vulnerability_id VCID-ww1g-jbj2-2ubu
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47602
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
3
reference_url https://security.netapp.com/advisory/ntap-20220211-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220211-0001
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
reference_id CVE-2019-14888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.29.Final
purl pkg:maven/io.undertow/undertow-core@2.0.29.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nyw-aps1-s3ft
1
vulnerability VCID-9cfx-e4jz-h7c1
2
vulnerability VCID-tbh6-rhwv-wfcm
3
vulnerability VCID-xyjb-bxjg-2ye3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final
aliases CVE-2019-14888, GHSA-vjxc-frw4-jmh5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww1g-jbj2-2ubu
13
url VCID-xyjb-bxjg-2ye3
vulnerability_id VCID-xyjb-bxjg-2ye3
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37528
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10719
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-10719
3
reference_url https://security.netapp.com/advisory/ntap-20220210-0014
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0014
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0014/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0014/
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
reference_id 969913
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913
6
reference_url https://github.com/advisories/GHSA-cccf-7xw3-p2vr
reference_id GHSA-cccf-7xw3-p2vr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cccf-7xw3-p2vr
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.1.1.Final
purl pkg:maven/io.undertow/undertow-core@2.1.1.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final
aliases CVE-2020-10719, GHSA-cccf-7xw3-p2vr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xyjb-bxjg-2ye3
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.0.0.Beta3