Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.undertow/undertow-core@1.3.1.Final
Typemaven
Namespaceio.undertow
Nameundertow-core
Version1.3.1.Final
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.29.Final
Latest_non_vulnerable_version2.4.0.Beta1
Affected_by_vulnerabilities
0
url VCID-7afz-fgkz-f3fd
vulnerability_id VCID-7afz-fgkz-f3fd
summary 
Information Exposure
An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:0362
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0362
1
reference_url https://access.redhat.com/errata/RHSA-2019:0364
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0364
2
reference_url https://access.redhat.com/errata/RHSA-2019:0365
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0365
3
reference_url https://access.redhat.com/errata/RHSA-2019:0380
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0380
4
reference_url https://access.redhat.com/errata/RHSA-2019:1106
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1106
5
reference_url https://access.redhat.com/errata/RHSA-2019:1107
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1107
6
reference_url https://access.redhat.com/errata/RHSA-2019:1108
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1108
7
reference_url https://access.redhat.com/errata/RHSA-2019:1140
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1140
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
reference_id
reference_type
scores
0
value 0.00708
scoring_system epss
scoring_elements 0.72506
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14642
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
reference_id 911796
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
reference_id CVE-2018-14642
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14642
12
reference_url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
reference_id GHSA-vf6r-mmhc-3xcm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vf6r-mmhc-3xcm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.15.Final
purl pkg:maven/io.undertow/undertow-core@2.0.15.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d135-ye4c-57ec
1
vulnerability VCID-ehrd-7nff-ryh9
2
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.15
purl pkg:maven/io.undertow/undertow-core@2.0.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15
2
url pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
purl pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL
aliases CVE-2018-14642, GHSA-vf6r-mmhc-3xcm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7afz-fgkz-f3fd
1
url VCID-8mnx-8nvz-tyda
vulnerability_id VCID-8mnx-8nvz-tyda
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7559
reference_id
reference_type
scores
0
value 0.01128
scoring_system epss
scoring_elements 0.78616
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7559
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://issues.jboss.org/browse/UNDERTOW-1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1251
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
reference_id 885576
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7559
reference_id CVE-2017-7559
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7559
6
reference_url https://github.com/advisories/GHSA-rj76-h87p-r3wf
reference_id GHSA-rj76-h87p-r3wf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rj76-h87p-r3wf
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.31.Final
purl pkg:maven/io.undertow/undertow-core@1.3.31.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-s4zw-6yd3-qfb7
6
vulnerability VCID-ug8z-4ece-hfdw
7
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.17.Final
purl pkg:maven/io.undertow/undertow-core@1.4.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-ctw5-1q7n-b7bk
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-s4zw-6yd3-qfb7
7
vulnerability VCID-ug8z-4ece-hfdw
8
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final
2
url pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
purl pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2
3
url pkg:maven/io.undertow/undertow-core@2.0.1.Final
purl pkg:maven/io.undertow/undertow-core@2.0.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-s4zw-6yd3-qfb7
6
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final
aliases CVE-2017-7559, GHSA-rj76-h87p-r3wf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mnx-8nvz-tyda
2
url VCID-8tag-j15y-s3bv
vulnerability_id VCID-8tag-j15y-s3bv
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
1
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
2
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.72482
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1114
4
reference_url https://bugs.openjdk.java.net/browse/JDK-6956385
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.openjdk.java.net/browse/JDK-6956385
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114
6
reference_url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e
7
reference_url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64
8
reference_url https://issues.jboss.org/browse/UNDERTOW-1338
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1338
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
reference_id 897247
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
reference_id CVE-2018-1114
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1114
11
reference_url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
reference_id GHSA-gjjx-gqm4-wcgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjjx-gqm4-wcgm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-ctw5-1q7n-b7bk
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-ug8z-4ece-hfdw
6
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5
purl pkg:maven/io.undertow/undertow-core@2.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5
2
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-d135-ye4c-57ec
2
vulnerability VCID-ehrd-7nff-ryh9
3
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
aliases CVE-2018-1114, GHSA-gjjx-gqm4-wcgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tag-j15y-s3bv
3
url VCID-91gu-393b-qfhn
vulnerability_id VCID-91gu-393b-qfhn
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
1
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
2
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
3
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
4
reference_url https://access.redhat.com/errata/RHSA-2018:1525
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1525
5
reference_url https://access.redhat.com/errata/RHSA-2018:2405
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2405
6
reference_url https://access.redhat.com/errata/RHSA-2018:3768
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3768
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
reference_id
reference_type
scores
0
value 0.00531
scoring_system epss
scoring_elements 0.67564
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12196
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196
9
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
10
reference_url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
11
reference_url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
12
reference_url https://issues.jboss.org/browse/UNDERTOW-1190
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.jboss.org/browse/UNDERTOW-1190
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
reference_id CVE-2017-12196
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12196
14
reference_url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
reference_id GHSA-cp7v-vmv7-6x2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cp7v-vmv7-6x2q
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.19.Final
purl pkg:maven/io.undertow/undertow-core@1.4.19.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-ctw5-1q7n-b7bk
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-s4zw-6yd3-qfb7
6
vulnerability VCID-ug8z-4ece-hfdw
7
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.19.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.24.Final
purl pkg:maven/io.undertow/undertow-core@1.4.24.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-ctw5-1q7n-b7bk
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-s4zw-6yd3-qfb7
7
vulnerability VCID-ug8z-4ece-hfdw
8
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.24.Final
2
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-ctw5-1q7n-b7bk
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-ug8z-4ece-hfdw
6
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
3
url pkg:maven/io.undertow/undertow-core@2.0.2.FInal
purl pkg:maven/io.undertow/undertow-core@2.0.2.FInal
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.2.FInal
4
url pkg:maven/io.undertow/undertow-core@2.0.3.Final
purl pkg:maven/io.undertow/undertow-core@2.0.3.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-d135-ye4c-57ec
3
vulnerability VCID-ehrd-7nff-ryh9
4
vulnerability VCID-s4zw-6yd3-qfb7
5
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final
aliases CVE-2017-12196, GHSA-cp7v-vmv7-6x2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91gu-393b-qfhn
4
url VCID-d135-ye4c-57ec
vulnerability_id VCID-d135-ye4c-57ec
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
1
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.63834
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10212
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212
4
reference_url https://security.netapp.com/advisory/ntap-20220210-0017
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0017
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0017/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0017/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
reference_id CVE-2019-10212
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10212
7
reference_url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
reference_id GHSA-8vh8-vc28-m2hf
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8vh8-vc28-m2hf
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.20.Final
purl pkg:maven/io.undertow/undertow-core@2.0.20.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ehrd-7nff-ryh9
1
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.20
purl pkg:maven/io.undertow/undertow-core@2.0.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20
aliases CVE-2019-10212, GHSA-8vh8-vc28-m2hf
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d135-ye4c-57ec
5
url VCID-ehrd-7nff-ryh9
vulnerability_id VCID-ehrd-7nff-ryh9
summary 
Information Exposure
An information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2439
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2439
1
reference_url https://access.redhat.com/errata/RHSA-2019:2998
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:2998
2
reference_url https://access.redhat.com/errata/RHSA-2020:0727
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0727
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68417
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3888
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888
5
reference_url https://security.netapp.com/advisory/ntap-20220210-0019
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0019
6
reference_url https://security.netapp.com/advisory/ntap-20220210-0019/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0019/
7
reference_url http://www.securityfocus.com/bid/108739
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/108739
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
reference_id 930349
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
reference_id CVE-2019-3888
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3888
10
reference_url https://github.com/advisories/GHSA-jwgx-9mmh-684w
reference_id GHSA-jwgx-9mmh-684w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwgx-9mmh-684w
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.21
purl pkg:maven/io.undertow/undertow-core@2.0.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21
1
url pkg:maven/io.undertow/undertow-core@2.0.21.Final
purl pkg:maven/io.undertow/undertow-core@2.0.21.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final
aliases CVE-2019-3888, GHSA-jwgx-9mmh-684w
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehrd-7nff-ryh9
6
url VCID-fx5j-2na1-hfcu
vulnerability_id VCID-fx5j-2na1-hfcu
summary 
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
reference_id
reference_type
scores
0
value 0.01096
scoring_system epss
scoring_elements 0.78303
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12165
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
4
reference_url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f
5
reference_url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc
6
reference_url https://issues.redhat.com/browse/UNDERTOW-1251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-1251
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
reference_id 885338
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
reference_id CVE-2017-12165
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12165
9
reference_url https://github.com/advisories/GHSA-5gg7-5wv8-4gcj
reference_id GHSA-5gg7-5wv8-4gcj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gg7-5wv8-4gcj
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.31
purl pkg:maven/io.undertow/undertow-core@1.3.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31
1
url pkg:maven/io.undertow/undertow-core@1.3.31.Final
purl pkg:maven/io.undertow/undertow-core@1.3.31.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-s4zw-6yd3-qfb7
6
vulnerability VCID-ug8z-4ece-hfdw
7
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final
2
url pkg:maven/io.undertow/undertow-core@1.4.17
purl pkg:maven/io.undertow/undertow-core@1.4.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17
3
url pkg:maven/io.undertow/undertow-core@1.4.17.Final
purl pkg:maven/io.undertow/undertow-core@1.4.17.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-ctw5-1q7n-b7bk
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-s4zw-6yd3-qfb7
7
vulnerability VCID-ug8z-4ece-hfdw
8
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final
4
url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-ctw5-1q7n-b7bk
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-ww1g-jbj2-2ubu
6
vulnerability VCID-xb2n-a5w7-g7cx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
5
url pkg:maven/io.undertow/undertow-core@2.0.1.Final
purl pkg:maven/io.undertow/undertow-core@2.0.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-s4zw-6yd3-qfb7
6
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final
aliases CVE-2017-12165, GHSA-5gg7-5wv8-4gcj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fx5j-2na1-hfcu
7
url VCID-nftp-q5a9-eqdn
vulnerability_id VCID-nftp-q5a9-eqdn
summary
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2017-1409.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2017-1409.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
reference_id
reference_type
scores
0
value 0.05972
scoring_system epss
scoring_elements 0.90805
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2670
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670
3
reference_url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
4
reference_url http://www.securityfocus.com/bid/98965
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/98965
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
reference_id 864405
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
reference_id CVE-2017-2670
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2670
7
reference_url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
reference_id GHSA-3x7h-5hfr-hvjm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3x7h-5hfr-hvjm
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.28
purl pkg:maven/io.undertow/undertow-core@1.3.28
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28
1
url pkg:maven/io.undertow/undertow-core@1.3.28.Final
purl pkg:maven/io.undertow/undertow-core@1.3.28.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8mnx-8nvz-tyda
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-fx5j-2na1-hfcu
7
vulnerability VCID-s4zw-6yd3-qfb7
8
vulnerability VCID-ug8z-4ece-hfdw
9
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final
aliases CVE-2017-2670, GHSA-3x7h-5hfr-hvjm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nftp-q5a9-eqdn
8
url VCID-s4zw-6yd3-qfb7
vulnerability_id VCID-s4zw-6yd3-qfb7
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:1247
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1247
1
reference_url https://access.redhat.com/errata/RHSA-2018:1248
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1248
2
reference_url https://access.redhat.com/errata/RHSA-2018:1249
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1249
3
reference_url https://access.redhat.com/errata/RHSA-2018:1251
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:1251
4
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
5
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70534
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1067
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067
8
reference_url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8
9
reference_url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
reference_id 900323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
reference_id CVE-2018-1067
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1067
12
reference_url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
reference_id GHSA-47mp-rq2x-wjf2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47mp-rq2x-wjf2
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.4.25.Final
purl pkg:maven/io.undertow/undertow-core@1.4.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-ctw5-1q7n-b7bk
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-ug8z-4ece-hfdw
6
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final
1
url pkg:maven/io.undertow/undertow-core@2.0.5.Final
purl pkg:maven/io.undertow/undertow-core@2.0.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-d135-ye4c-57ec
2
vulnerability VCID-ehrd-7nff-ryh9
3
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final
aliases CVE-2018-1067, GHSA-47mp-rq2x-wjf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4zw-6yd3-qfb7
9
url VCID-ug8z-4ece-hfdw
vulnerability_id VCID-ug8z-4ece-hfdw
summary 
Path Traversal
The AJP connector in undertow does not use the `ALLOW_ENCODED_SLASH` option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:0478
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0478
1
reference_url https://access.redhat.com/errata/RHSA-2018:0479
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0479
2
reference_url https://access.redhat.com/errata/RHSA-2018:0480
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0480
3
reference_url https://access.redhat.com/errata/RHSA-2018:0481
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0481
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66724
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1048
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1534343
6
reference_url https://cwe.mitre.org/data/definitions/22.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/22.html
7
reference_url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
reference_id
reference_type
scores
url https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
reference_id 891928
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
reference_id CVE-2018-1048
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1048
10
reference_url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
reference_id GHSA-prfw-3qx6-g9xr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prfw-3qx6-g9xr
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-ctw5-1q7n-b7bk
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-ww1g-jbj2-2ubu
6
vulnerability VCID-xb2n-a5w7-g7cx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
aliases CVE-2018-1048, GHSA-prfw-3qx6-g9xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ug8z-4ece-hfdw
10
url VCID-ww1g-jbj2-2ubu
vulnerability_id VCID-ww1g-jbj2-2ubu
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0729
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0729
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47602
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14888
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888
3
reference_url https://security.netapp.com/advisory/ntap-20220211-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220211-0001
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
reference_id CVE-2019-14888
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14888
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@2.0.29.Final
purl pkg:maven/io.undertow/undertow-core@2.0.29.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final
aliases CVE-2019-14888, GHSA-vjxc-frw4-jmh5
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ww1g-jbj2-2ubu
11
url VCID-xb2n-a5w7-g7cx
vulnerability_id VCID-xb2n-a5w7-g7cx
summary 
Improper Neutralization of CRLF Sequences in HTTP Headers
CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2016-1838.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1838.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2016-1839.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1839.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2016-1840.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1840.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2016-1841.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-1841.html
4
reference_url https://access.redhat.com/errata/RHSA-2017:3454
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3454
5
reference_url https://access.redhat.com/errata/RHSA-2017:3455
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3455
6
reference_url https://access.redhat.com/errata/RHSA-2017:3456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3456
7
reference_url https://access.redhat.com/errata/RHSA-2017:3458
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3458
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4993
reference_id
reference_type
scores
0
value 0.01476
scoring_system epss
scoring_elements 0.81271
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4993
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1344321
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1344321
10
reference_url https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12
11
reference_url https://issues.redhat.com/browse/UNDERTOW-827
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-827
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4993
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4993
13
reference_url https://access.redhat.com/security/cve/CVE-2016-4993
reference_id CVE-2016-4993
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2016-4993
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.5.Final
purl pkg:maven/io.undertow/undertow-core@1.3.5.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8mnx-8nvz-tyda
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-fx5j-2na1-hfcu
7
vulnerability VCID-nftp-q5a9-eqdn
8
vulnerability VCID-s4zw-6yd3-qfb7
9
vulnerability VCID-ug8z-4ece-hfdw
10
vulnerability VCID-ww1g-jbj2-2ubu
11
vulnerability VCID-xy1a-thk6-5fhz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.5.Final
1
url pkg:maven/io.undertow/undertow-core@1.4.0
purl pkg:maven/io.undertow/undertow-core@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8mnx-8nvz-tyda
1
vulnerability VCID-ctw5-1q7n-b7bk
2
vulnerability VCID-fx5j-2na1-hfcu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.0
2
url pkg:maven/io.undertow/undertow-core@2.0.1
purl pkg:maven/io.undertow/undertow-core@2.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1
3
url pkg:maven/io.undertow/undertow-core@2.0.1.Final
purl pkg:maven/io.undertow/undertow-core@2.0.1.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-91gu-393b-qfhn
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-s4zw-6yd3-qfb7
6
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final
aliases CVE-2016-4993, GHSA-qcqr-hcjq-whfq
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xb2n-a5w7-g7cx
12
url VCID-xy1a-thk6-5fhz
vulnerability_id VCID-xy1a-thk6-5fhz
summary 
Uncontrolled Resource Consumption
Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-7046
reference_id
reference_type
scores
0
value 0.0406
scoring_system epss
scoring_elements 0.88721
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-7046
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1376646
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1376646
2
reference_url https://github.com/undertow-io/undertow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow
3
reference_url https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
4
reference_url https://issues.redhat.com/browse/UNDERTOW-835
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.redhat.com/browse/UNDERTOW-835
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7046
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-7046
6
reference_url https://security-tracker.debian.org/tracker/CVE-2016-7046
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2016-7046
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838600
reference_id 838600
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838600
8
reference_url https://access.redhat.com/security/cve/CVE-2016-7046
reference_id CVE-2016-7046
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2016-7046
fixed_packages
0
url pkg:maven/io.undertow/undertow-core@1.3.25.Final
purl pkg:maven/io.undertow/undertow-core@1.3.25.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8mnx-8nvz-tyda
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-fx5j-2na1-hfcu
7
vulnerability VCID-nftp-q5a9-eqdn
8
vulnerability VCID-s4zw-6yd3-qfb7
9
vulnerability VCID-ug8z-4ece-hfdw
10
vulnerability VCID-ww1g-jbj2-2ubu
11
vulnerability VCID-xy1a-thk6-5fhz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.25.Final
1
url pkg:maven/io.undertow/undertow-core@1.3.26.Final
purl pkg:maven/io.undertow/undertow-core@1.3.26.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8mnx-8nvz-tyda
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-d135-ye4c-57ec
5
vulnerability VCID-ehrd-7nff-ryh9
6
vulnerability VCID-fx5j-2na1-hfcu
7
vulnerability VCID-nftp-q5a9-eqdn
8
vulnerability VCID-s4zw-6yd3-qfb7
9
vulnerability VCID-ug8z-4ece-hfdw
10
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.26.Final
2
url pkg:maven/io.undertow/undertow-core@1.4.3.Final
purl pkg:maven/io.undertow/undertow-core@1.4.3.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8mnx-8nvz-tyda
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-ctw5-1q7n-b7bk
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-fx5j-2na1-hfcu
8
vulnerability VCID-s4zw-6yd3-qfb7
9
vulnerability VCID-ug8z-4ece-hfdw
10
vulnerability VCID-ww1g-jbj2-2ubu
11
vulnerability VCID-xy1a-thk6-5fhz
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.3.Final
3
url pkg:maven/io.undertow/undertow-core@1.4.4.Final
purl pkg:maven/io.undertow/undertow-core@1.4.4.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8mnx-8nvz-tyda
2
vulnerability VCID-8tag-j15y-s3bv
3
vulnerability VCID-91gu-393b-qfhn
4
vulnerability VCID-ctw5-1q7n-b7bk
5
vulnerability VCID-d135-ye4c-57ec
6
vulnerability VCID-ehrd-7nff-ryh9
7
vulnerability VCID-fx5j-2na1-hfcu
8
vulnerability VCID-s4zw-6yd3-qfb7
9
vulnerability VCID-ug8z-4ece-hfdw
10
vulnerability VCID-ww1g-jbj2-2ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.4.Final
4
url pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
purl pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7afz-fgkz-f3fd
1
vulnerability VCID-8tag-j15y-s3bv
2
vulnerability VCID-ctw5-1q7n-b7bk
3
vulnerability VCID-d135-ye4c-57ec
4
vulnerability VCID-ehrd-7nff-ryh9
5
vulnerability VCID-ww1g-jbj2-2ubu
6
vulnerability VCID-xb2n-a5w7-g7cx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1
5
url pkg:maven/io.undertow/undertow-core@2.0.1
purl pkg:maven/io.undertow/undertow-core@2.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1
aliases CVE-2016-7046, GHSA-3f57-w2rp-72fc
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xy1a-thk6-5fhz
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.1.Final