Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/io.undertow/undertow-core@2.3.21.Final
purl pkg:maven/io.undertow/undertow-core@2.3.21.Final
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-huxp-ctsp-fqay Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack. CVE-2024-3884
GHSA-6h4f-pj3g-q8fq
VCID-kk1t-t63f-rqg2 Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions. CVE-2025-12543
GHSA-j382-5jj3-vw4j
VCID-whcc-r17q-gffx Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack. CVE-2024-4027
GHSA-33hj-rcmx-86mv

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-17T00:13:49.135650+00:00 GitLab Importer Fixing VCID-whcc-r17q-gffx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml 38.4.0
2026-04-17T00:06:19.733545+00:00 GitLab Importer Fixing VCID-kk1t-t63f-rqg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-12543.yml 38.4.0
2026-04-17T00:01:41.728288+00:00 GitLab Importer Fixing VCID-huxp-ctsp-fqay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml 38.4.0
2026-04-12T01:37:43.583451+00:00 GitLab Importer Fixing VCID-whcc-r17q-gffx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml 38.3.0
2026-04-12T01:29:40.830007+00:00 GitLab Importer Fixing VCID-kk1t-t63f-rqg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-12543.yml 38.3.0
2026-04-12T01:24:39.381627+00:00 GitLab Importer Fixing VCID-huxp-ctsp-fqay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml 38.3.0
2026-04-03T01:46:40.928369+00:00 GitLab Importer Fixing VCID-whcc-r17q-gffx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml 38.1.0
2026-04-03T01:38:25.219608+00:00 GitLab Importer Fixing VCID-kk1t-t63f-rqg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-12543.yml 38.1.0
2026-04-03T01:33:16.789092+00:00 GitLab Importer Fixing VCID-huxp-ctsp-fqay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml 38.1.0
2026-04-01T16:07:51.943955+00:00 GHSA Importer Fixing VCID-whcc-r17q-gffx https://github.com/advisories/GHSA-33hj-rcmx-86mv 38.0.0
2026-04-01T16:07:30.209976+00:00 GHSA Importer Fixing VCID-kk1t-t63f-rqg2 https://github.com/advisories/GHSA-j382-5jj3-vw4j 38.0.0
2026-04-01T16:07:16.457386+00:00 GHSA Importer Fixing VCID-huxp-ctsp-fqay https://github.com/advisories/GHSA-6h4f-pj3g-q8fq 38.0.0
2026-04-01T12:55:32.428195+00:00 GithubOSV Importer Fixing VCID-huxp-ctsp-fqay https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json 38.0.0
2026-04-01T12:53:45.489238+00:00 GitLab Importer Fixing VCID-whcc-r17q-gffx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml 38.0.0
2026-04-01T12:53:37.087002+00:00 GitLab Importer Fixing VCID-kk1t-t63f-rqg2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2025-12543.yml 38.0.0
2026-04-01T12:53:28.294953+00:00 GitLab Importer Fixing VCID-huxp-ctsp-fqay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml 38.0.0
2026-04-01T12:52:25.721527+00:00 GithubOSV Importer Fixing VCID-kk1t-t63f-rqg2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-j382-5jj3-vw4j/GHSA-j382-5jj3-vw4j.json 38.0.0
2026-04-01T12:52:21.758706+00:00 GithubOSV Importer Fixing VCID-whcc-r17q-gffx https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-33hj-rcmx-86mv/GHSA-33hj-rcmx-86mv.json 38.0.0