VulnerableCode Package Details - pkg:maven/io.undertow/undertow-core@2.3.18.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-3zsw-hyhp-4yfm Aliases: CVE-2024-4109 GHSA-22c5-cpvr-cfvq	Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse # Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. # Original Description A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.	There are no reported fixed by versions.
VCID-ns3p-22xg-q3bz Aliases: CVE-2025-9784 GHSA-95h4-w6j8-2rp8	Undertow MadeYouReset HTTP/2 DDoS Vulnerability A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).	2.3.20.Final Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3zsw-hyhp-4yfm
Aliases:
CVE-2024-4109
GHSA-22c5-cpvr-cfvq

Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse # Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. # Original Description A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.

There are no reported fixed by versions.

VCID-ns3p-22xg-q3bz
Aliases:
CVE-2025-9784
GHSA-95h4-w6j8-2rp8

Undertow MadeYouReset HTTP/2 DDoS Vulnerability A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

2.3.20.Final
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:39:47.611750+00:00	GitLab Importer	Affected by	VCID-ns3p-22xg-q3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-9784.yml	38.4.0
2026-04-12T01:00:31.871969+00:00	GitLab Importer	Affected by	VCID-ns3p-22xg-q3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-9784.yml	38.3.0
2026-04-07T04:56:37.845557+00:00	GHSA Importer	Affected by	VCID-3zsw-hyhp-4yfm	https://github.com/advisories/GHSA-22c5-cpvr-cfvq	38.1.0
2026-04-03T01:08:43.578081+00:00	GitLab Importer	Affected by	VCID-ns3p-22xg-q3bz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-9784.yml	38.1.0