Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/undertow@2.0.23-1?distro=sid
Typedeb
Namespacedebian
Nameundertow
Version2.0.23-1
Qualifiers
distro sid
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.0.25-1
Latest_non_vulnerable_version2.3.20-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4kdg-asyc-rbdx
vulnerability_id VCID-4kdg-asyc-rbdx
summary 
Undertow Missing Authorization when requesting a protected directory without trailing slash
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2935
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2935
1
reference_url https://access.redhat.com/errata/RHSA-2019:2936
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2936
2
reference_url https://access.redhat.com/errata/RHSA-2019:2937
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2937
3
reference_url https://access.redhat.com/errata/RHSA-2019:2938
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2938
4
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
5
reference_url https://access.redhat.com/errata/RHSA-2019:3044
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3044
6
reference_url https://access.redhat.com/errata/RHSA-2019:3045
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3045
7
reference_url https://access.redhat.com/errata/RHSA-2019:3046
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3046
8
reference_url https://access.redhat.com/errata/RHSA-2019:3050
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3050
9
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10184.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10184.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10184
reference_id
reference_type
scores
0
value 0.01424
scoring_system epss
scoring_elements 0.80562
published_at 2026-04-02T12:55:00Z
1
value 0.01424
scoring_system epss
scoring_elements 0.80555
published_at 2026-04-01T12:55:00Z
2
value 0.01424
scoring_system epss
scoring_elements 0.80584
published_at 2026-04-04T12:55:00Z
3
value 0.01424
scoring_system epss
scoring_elements 0.80576
published_at 2026-04-07T12:55:00Z
4
value 0.01424
scoring_system epss
scoring_elements 0.80604
published_at 2026-04-08T12:55:00Z
5
value 0.01424
scoring_system epss
scoring_elements 0.80614
published_at 2026-04-09T12:55:00Z
6
value 0.01424
scoring_system epss
scoring_elements 0.80631
published_at 2026-04-11T12:55:00Z
7
value 0.01424
scoring_system epss
scoring_elements 0.80618
published_at 2026-04-12T12:55:00Z
8
value 0.01424
scoring_system epss
scoring_elements 0.80609
published_at 2026-04-13T12:55:00Z
9
value 0.01508
scoring_system epss
scoring_elements 0.81219
published_at 2026-04-16T12:55:00Z
10
value 0.01508
scoring_system epss
scoring_elements 0.8122
published_at 2026-04-18T12:55:00Z
11
value 0.01508
scoring_system epss
scoring_elements 0.81218
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10184
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
13
reference_url https://github.com/undertow-io/undertow/commit/5fa7ac68c0e4251c93056d9982db5e794e04ebfa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/5fa7ac68c0e4251c93056d9982db5e794e04ebfa
14
reference_url https://github.com/undertow-io/undertow/pull/794
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/pull/794
15
reference_url https://issues.redhat.com/browse/UNDERTOW-1578
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1578
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10184
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10184
17
reference_url https://security.netapp.com/advisory/ntap-20220210-0016
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0016
18
reference_url https://security.netapp.com/advisory/ntap-20220210-0016/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0016/
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1713068
reference_id 1713068
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1713068
20
reference_url https://github.com/advisories/GHSA-w69w-jvc7-wjgv
reference_id GHSA-w69w-jvc7-wjgv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w69w-jvc7-wjgv
21
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2019-10184, GHSA-w69w-jvc7-wjgv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kdg-asyc-rbdx
1
url VCID-bhrz-ea7j-k3bh
vulnerability_id VCID-bhrz-ea7j-k3bh
summary 
Information Exposure
An information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2439
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2439
1
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
2
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
reference_id
reference_type
scores
0
value 0.00577
scoring_system epss
scoring_elements 0.68853
published_at 2026-04-18T12:55:00Z
1
value 0.00577
scoring_system epss
scoring_elements 0.68755
published_at 2026-04-02T12:55:00Z
2
value 0.00577
scoring_system epss
scoring_elements 0.68775
published_at 2026-04-04T12:55:00Z
3
value 0.00577
scoring_system epss
scoring_elements 0.68753
published_at 2026-04-07T12:55:00Z
4
value 0.00577
scoring_system epss
scoring_elements 0.68804
published_at 2026-04-08T12:55:00Z
5
value 0.00577
scoring_system epss
scoring_elements 0.68823
published_at 2026-04-09T12:55:00Z
6
value 0.00577
scoring_system epss
scoring_elements 0.68846
published_at 2026-04-11T12:55:00Z
7
value 0.00577
scoring_system epss
scoring_elements 0.68831
published_at 2026-04-21T12:55:00Z
8
value 0.00577
scoring_system epss
scoring_elements 0.68802
published_at 2026-04-13T12:55:00Z
9
value 0.00577
scoring_system epss
scoring_elements 0.68843
published_at 2026-04-16T12:55:00Z
10
value 0.00577
scoring_system epss
scoring_elements 0.68736
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0019
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0019
7
reference_url https://security.netapp.com/advisory/ntap-20220210-0019/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0019/
8
reference_url http://www.securityfocus.com/bid/108739
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108739
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
reference_id 1693777
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1693777
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id 930349
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
reference_id CVE-2019-3888
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
12
reference_url https://github.com/advisories/GHSA-jwgx-9mmh-684w
reference_id GHSA-jwgx-9mmh-684w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwgx-9mmh-684w
13
reference_url https://access.redhat.com/errata/RHSA-2019:1419
reference_id RHSA-2019:1419
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1419
14
reference_url https://access.redhat.com/errata/RHSA-2019:1420
reference_id RHSA-2019:1420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1420
15
reference_url https://access.redhat.com/errata/RHSA-2019:1421
reference_id RHSA-2019:1421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1421
16
reference_url https://access.redhat.com/errata/RHSA-2019:1424
reference_id RHSA-2019:1424
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:1424
17
reference_url https://access.redhat.com/errata/RHSA-2020:0983
reference_id RHSA-2020:0983
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0983
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhrz-ea7j-k3bh
2
url VCID-rqvc-k1jm-9kg9
vulnerability_id VCID-rqvc-k1jm-9kg9
summary 
Information Exposure
An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0362
1
reference_url https://access.redhat.com/errata/RHSA-2019:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0364
2
reference_url https://access.redhat.com/errata/RHSA-2019:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0365
3
reference_url https://access.redhat.com/errata/RHSA-2019:0380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0380
4
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1106
5
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1107
6
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1108
7
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
8
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json
9
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72224
published_at 2026-04-21T12:55:00Z
1
value 0.00708
scoring_system epss
scoring_elements 0.72182
published_at 2026-04-08T12:55:00Z
2
value 0.00708
scoring_system epss
scoring_elements 0.72194
published_at 2026-04-09T12:55:00Z
3
value 0.00708
scoring_system epss
scoring_elements 0.72216
published_at 2026-04-11T12:55:00Z
4
value 0.00708
scoring_system epss
scoring_elements 0.722
published_at 2026-04-12T12:55:00Z
5
value 0.00708
scoring_system epss
scoring_elements 0.72186
published_at 2026-04-13T12:55:00Z
6
value 0.00708
scoring_system epss
scoring_elements 0.72229
published_at 2026-04-16T12:55:00Z
7
value 0.00708
scoring_system epss
scoring_elements 0.72238
published_at 2026-04-18T12:55:00Z
8
value 0.00708
scoring_system epss
scoring_elements 0.72167
published_at 2026-04-04T12:55:00Z
9
value 0.00708
scoring_system epss
scoring_elements 0.72145
published_at 2026-04-07T12:55:00Z
10
value 0.00746
scoring_system epss
scoring_elements 0.73006
published_at 2026-04-01T12:55:00Z
11
value 0.00746
scoring_system epss
scoring_elements 0.73015
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
reference_id 1628702
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1628702
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
reference_id 911796
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
reference_id CVE-2018-14642
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
14
reference_url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
reference_id GHSA-vf6r-mmhc-3xcm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2018-14642, GHSA-vf6r-mmhc-3xcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqvc-k1jm-9kg9
3
url VCID-ygp7-kj2w-syat
vulnerability_id VCID-ygp7-kj2w-syat
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
reference_id
reference_type
scores
0
value 0.01096
scoring_system epss
scoring_elements 0.7803
published_at 2026-04-21T12:55:00Z
1
value 0.01096
scoring_system epss
scoring_elements 0.77946
published_at 2026-04-01T12:55:00Z
2
value 0.01096
scoring_system epss
scoring_elements 0.77953
published_at 2026-04-02T12:55:00Z
3
value 0.01096
scoring_system epss
scoring_elements 0.77982
published_at 2026-04-04T12:55:00Z
4
value 0.01096
scoring_system epss
scoring_elements 0.77963
published_at 2026-04-07T12:55:00Z
5
value 0.01096
scoring_system epss
scoring_elements 0.7799
published_at 2026-04-08T12:55:00Z
6
value 0.01096
scoring_system epss
scoring_elements 0.77995
published_at 2026-04-09T12:55:00Z
7
value 0.01096
scoring_system epss
scoring_elements 0.78022
published_at 2026-04-11T12:55:00Z
8
value 0.01096
scoring_system epss
scoring_elements 0.78005
published_at 2026-04-12T12:55:00Z
9
value 0.01096
scoring_system epss
scoring_elements 0.78003
published_at 2026-04-13T12:55:00Z
10
value 0.01096
scoring_system epss
scoring_elements 0.78038
published_at 2026-04-16T12:55:00Z
11
value 0.01096
scoring_system epss
scoring_elements 0.78037
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
3
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
4
reference_url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
5
reference_url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
6
reference_url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
7
reference_url https://issues.redhat.com/browse/UNDERTOW-1251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1251
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1490301
reference_id 1490301
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1490301
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
reference_id 885338
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
reference_id CVE-2017-12165
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
11
reference_url https://github.com/advisories/GHSA-5gg7-5wv8-4gcj
reference_id GHSA-5gg7-5wv8-4gcj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gg7-5wv8-4gcj
fixed_packages
0
url pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid
1
url pkg:deb/debian/undertow@2.3.20-1?distro=sid
purl pkg:deb/debian/undertow@2.3.20-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.3.20-1%3Fdistro=sid
aliases CVE-2017-12165, GHSA-5gg7-5wv8-4gcj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ygp7-kj2w-syat
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/undertow@2.0.23-1%3Fdistro=sid