VulnerableCode Package Details - pkg:maven/io.undertow/undertow-core@2.2.19

Search for packages

Vulnerability	Summary	Fixed by
VCID-4v1f-kt5y-w7d1 Aliases: CVE-2022-2764	Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations	2.2.20.Final Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.3.1.Final Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-62gn-nwup-8uat Aliases: CVE-2022-1259	undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)	2.2.20.Final Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-93ut-2de3-ckc5 Aliases: CVE-2022-1319	undertow: Double AJP response for 400 from EAP 7 results in CPING failures	2.2.20.Final Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.3.1.Final Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-4v1f-kt5y-w7d1
Aliases:
CVE-2022-2764

Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

2.2.20.Final
Affected by 7 other vulnerabilities.

2.3.1.Final
Affected by 6 other vulnerabilities.

VCID-62gn-nwup-8uat
Aliases:
CVE-2022-1259

undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)

2.2.20.Final
Affected by 7 other vulnerabilities.

VCID-93ut-2de3-ckc5
Aliases:
CVE-2022-1319

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

2.2.20.Final
Affected by 7 other vulnerabilities.

2.3.1.Final
Affected by 6 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:27:34.896770+00:00	GitLab Importer	Affected by	VCID-4v1f-kt5y-w7d1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-2764.yml	38.1.0
2026-04-03T21:27:34.531781+00:00	GitLab Importer	Affected by	VCID-93ut-2de3-ckc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-1319.yml	38.1.0
2026-04-03T21:27:34.242549+00:00	GitLab Importer	Affected by	VCID-62gn-nwup-8uat	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-1259.yml	38.1.0
2026-04-03T21:27:27.136278+00:00	GitLab Importer	Fixing	VCID-xftw-raz7-b7e1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-2053.yml	38.1.0