VulnerableCode Package Details - pkg:deb/debian/undertow@2.0.30-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dvxb-wu3m-xuaz	Improper Authorization in Undertoe A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.	CVE-2020-1745 GHSA-gv2w-88hx-8m9r
VCID-p9y4-yce4-zqbk	Undertow vulnerable to Uncontrolled Resource Consumption A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.	CVE-2019-14888 GHSA-vjxc-frw4-jmh5

Vulnerability

Summary

Aliases

VCID-dvxb-wu3m-xuaz

Improper Authorization in Undertoe A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

CVE-2020-1745
GHSA-gv2w-88hx-8m9r

VCID-p9y4-yce4-zqbk

Undertow vulnerable to Uncontrolled Resource Consumption A vulnerability was found in the Undertow HTTP server in versions before 2.0.29 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

CVE-2019-14888
GHSA-vjxc-frw4-jmh5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:15:09.387747+00:00	Debian Importer	Fixing	VCID-dvxb-wu3m-xuaz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:50:11.435966+00:00	Debian Importer	Fixing	VCID-p9y4-yce4-zqbk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:07:30.941252+00:00	Debian Importer	Fixing	VCID-dvxb-wu3m-xuaz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:34:27.779316+00:00	Debian Importer	Fixing	VCID-p9y4-yce4-zqbk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:55:45.161380+00:00	Debian Importer	Fixing	VCID-dvxb-wu3m-xuaz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:45.024803+00:00	Debian Importer	Fixing	VCID-p9y4-yce4-zqbk	https://security-tracker.debian.org/tracker/data/json	38.1.0