VulnerableCode Package Details - pkg:deb/debian/undertow@2.2.0-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-73st-24ck-uydb	HTTP Request Smuggling in Undertow A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.	CVE-2020-10687 GHSA-p9w3-gwc2-cr49
VCID-bpuw-kn4r-6kau	HTTP request smuggling in Undertow A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.	CVE-2021-20220 GHSA-qjwc-v72v-fq6r

Vulnerability

Summary

Aliases

VCID-73st-24ck-uydb

HTTP Request Smuggling in Undertow A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

CVE-2020-10687
GHSA-p9w3-gwc2-cr49

VCID-bpuw-kn4r-6kau

HTTP request smuggling in Undertow A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.

CVE-2021-20220
GHSA-qjwc-v72v-fq6r

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:14:06.750514+00:00	Debian Importer	Fixing	VCID-bpuw-kn4r-6kau	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:45:51.227407+00:00	Debian Importer	Fixing	VCID-73st-24ck-uydb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:06:44.575394+00:00	Debian Importer	Fixing	VCID-bpuw-kn4r-6kau	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:53:15.451591+00:00	Debian Importer	Fixing	VCID-73st-24ck-uydb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:55:45.223814+00:00	Debian Importer	Fixing	VCID-bpuw-kn4r-6kau	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:45.095334+00:00	Debian Importer	Fixing	VCID-73st-24ck-uydb	https://security-tracker.debian.org/tracker/data/json	38.1.0