VulnerableCode Package Details - pkg:maven/io.undertow/undertow-core@2.4.0.Alpha1

Search for packages

Vulnerability	Summary	Fixed by
VCID-huxp-ctsp-fqay Aliases: CVE-2024-3884 GHSA-6h4f-pj3g-q8fq	Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.	2.4.0.Beta1 Affected by 0 other vulnerabilities.
VCID-kk1t-t63f-rqg2 Aliases: CVE-2025-12543 GHSA-j382-5jj3-vw4j	Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.	There are no reported fixed by versions.
VCID-whcc-r17q-gffx Aliases: CVE-2024-4027 GHSA-33hj-rcmx-86mv	Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.	2.4.0.Beta1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-huxp-ctsp-fqay
Aliases:
CVE-2024-3884
GHSA-6h4f-pj3g-q8fq

Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

2.4.0.Beta1
Affected by 0 other vulnerabilities.

VCID-kk1t-t63f-rqg2
Aliases:
CVE-2025-12543
GHSA-j382-5jj3-vw4j

Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

There are no reported fixed by versions.

VCID-whcc-r17q-gffx
Aliases:
CVE-2024-4027
GHSA-33hj-rcmx-86mv

Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.

2.4.0.Beta1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T16:07:51.894434+00:00	GHSA Importer	Affected by	VCID-whcc-r17q-gffx	https://github.com/advisories/GHSA-33hj-rcmx-86mv	38.0.0
2026-04-01T16:07:30.121394+00:00	GHSA Importer	Affected by	VCID-kk1t-t63f-rqg2	https://github.com/advisories/GHSA-j382-5jj3-vw4j	38.0.0
2026-04-01T16:07:16.395024+00:00	GHSA Importer	Affected by	VCID-huxp-ctsp-fqay	https://github.com/advisories/GHSA-6h4f-pj3g-q8fq	38.0.0
2026-04-01T12:55:32.366016+00:00	GithubOSV Importer	Affected by	VCID-huxp-ctsp-fqay	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json	38.0.0
2026-04-01T12:52:21.711197+00:00	GithubOSV Importer	Affected by	VCID-whcc-r17q-gffx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-33hj-rcmx-86mv/GHSA-33hj-rcmx-86mv.json	38.0.0