Package details: pkg:deb/debian/undertow@2.0.23-1?distro=sid
purl pkg:deb/debian/undertow@2.0.23-1?distro=sid
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4kdg-asyc-rbdx | Undertow Missing Authorization when requesting a protected directory without trailing slash. Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API. | CVE-2019-10184, GHSA-w69w-jvc7-wjgv |
| VCID-bhrz-ea7j-k3bh | Information Exposure. Plain text credentials are exposed through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`. | CVE-2019-3888, GHSA-jwgx-9mmh-684w |
| VCID-rqvc-k1jm-9kg9 | Information Exposure. An information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests. | CVE-2018-14642, GHSA-vf6r-mmhc-3xcm |
| VCID-ygp7-kj2w-syat | Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling). It was discovered that Undertow processes HTTP request headers with unusual whitespace, which can cause possible HTTP request smuggling. | CVE-2017-12165, GHSA-5gg7-5wv8-4gcj |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:46:50.814088+00:00 | Debian Importer | Fixing | VCID-rqvc-k1jm-9kg9 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T12:16:37.100967+00:00 | Debian Importer | Fixing | VCID-bhrz-ea7j-k3bh | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T12:12:42.230137+00:00 | Debian Importer | Fixing | VCID-ygp7-kj2w-syat | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:39:42.867039+00:00 | Debian Importer | Fixing | VCID-4kdg-asyc-rbdx | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:45:58.401453+00:00 | Debian Importer | Fixing | VCID-rqvc-k1jm-9kg9 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T08:23:45.334701+00:00 | Debian Importer | Fixing | VCID-bhrz-ea7j-k3bh | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T08:21:10.037446+00:00 | Debian Importer | Fixing | VCID-ygp7-kj2w-syat | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T17:49:21.471383+00:00 | Debian Importer | Fixing | VCID-4kdg-asyc-rbdx | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:55:45.074144+00:00 | Debian Importer | Fixing | VCID-bhrz-ea7j-k3bh | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:55:44.983058+00:00 | Debian Importer | Fixing | VCID-4kdg-asyc-rbdx | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:55:44.962567+00:00 | Debian Importer | Fixing | VCID-rqvc-k1jm-9kg9 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:55:44.764319+00:00 | Debian Importer | Fixing | VCID-ygp7-kj2w-syat | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |