| purl | pkg:maven/io.undertow/undertow-core@2.1.0 |
| Tags | Ghost |
| Next non-vulnerable version | 2.3.20.Final |
| Latest non-vulnerable version | 2.4.0.Beta1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-14ff-vn3t-vyhy Aliases: CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964 | Undertow vulnerable to memory exhaustion due to buffer leak. Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service. | Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-beaj-uk9m-17be Aliases: CVE-2020-27782, GHSA-rhcw-wjcm-9h6g | Denial of service in Undertow. A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | Affected by 1 other vulnerability. Affected by 16 other vulnerabilities. Affected by 15 other vulnerabilities. |
| VCID-bpuw-kn4r-6kau Aliases: CVE-2021-20220, GHSA-qjwc-v72v-fq6r | HTTP request smuggling in Undertow. A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. | Affected by 0 other vulnerabilities. Affected by 16 other vulnerabilities. |
| VCID-gsr8-1dea-effx Aliases: CVE-2021-3597, GHSA-mfhv-gwf8-4m88 | undertow Race Condition vulnerability. A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | Affected by 14 other vulnerabilities. |
| VCID-yn69-8upm-7yc2 Aliases: CVE-2021-3629, GHSA-rf6q-vx79-mjxr | Undertow Uncontrolled Resource Consumption. A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | Affected by 12 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||