VulnerableCode Package Details - pkg:maven/io.undertow/undertow-core@2.4.0.Beta1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-huxp-ctsp-fqay	Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.	CVE-2024-3884 GHSA-6h4f-pj3g-q8fq
VCID-tc7q-5xss-nyfh	Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).	CVE-2026-3260 GHSA-3x3v-w654-m28m
VCID-whcc-r17q-gffx	Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.	CVE-2024-4027 GHSA-33hj-rcmx-86mv

Vulnerability

Summary

Aliases

VCID-huxp-ctsp-fqay

Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

CVE-2024-3884
GHSA-6h4f-pj3g-q8fq

VCID-tc7q-5xss-nyfh

Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).

CVE-2026-3260
GHSA-3x3v-w654-m28m

VCID-whcc-r17q-gffx

Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack.

CVE-2024-4027
GHSA-33hj-rcmx-86mv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:13:49.162847+00:00	GitLab Importer	Fixing	VCID-whcc-r17q-gffx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml	38.4.0
2026-04-17T00:01:41.772075+00:00	GitLab Importer	Fixing	VCID-huxp-ctsp-fqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml	38.4.0
2026-04-12T01:37:43.614334+00:00	GitLab Importer	Fixing	VCID-whcc-r17q-gffx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml	38.3.0
2026-04-12T01:24:39.437273+00:00	GitLab Importer	Fixing	VCID-huxp-ctsp-fqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml	38.3.0
2026-04-03T01:46:40.956466+00:00	GitLab Importer	Fixing	VCID-whcc-r17q-gffx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml	38.1.0
2026-04-03T01:33:16.831969+00:00	GitLab Importer	Fixing	VCID-huxp-ctsp-fqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml	38.1.0
2026-04-02T17:01:21.839009+00:00	GHSA Importer	Fixing	VCID-tc7q-5xss-nyfh	https://github.com/advisories/GHSA-3x3v-w654-m28m	38.1.0
2026-04-01T16:07:51.896120+00:00	GHSA Importer	Fixing	VCID-whcc-r17q-gffx	https://github.com/advisories/GHSA-33hj-rcmx-86mv	38.0.0
2026-04-01T16:07:16.398284+00:00	GHSA Importer	Fixing	VCID-huxp-ctsp-fqay	https://github.com/advisories/GHSA-6h4f-pj3g-q8fq	38.0.0
2026-04-01T12:55:32.367791+00:00	GithubOSV Importer	Fixing	VCID-huxp-ctsp-fqay	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-6h4f-pj3g-q8fq/GHSA-6h4f-pj3g-q8fq.json	38.0.0
2026-04-01T12:54:03.834044+00:00	GithubOSV Importer	Fixing	VCID-tc7q-5xss-nyfh	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-3x3v-w654-m28m/GHSA-3x3v-w654-m28m.json	38.0.0
2026-04-01T12:53:45.487796+00:00	GitLab Importer	Fixing	VCID-whcc-r17q-gffx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4027.yml	38.0.0
2026-04-01T12:53:28.292951+00:00	GitLab Importer	Fixing	VCID-huxp-ctsp-fqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3884.yml	38.0.0
2026-04-01T12:52:21.713589+00:00	GithubOSV Importer	Fixing	VCID-whcc-r17q-gffx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-33hj-rcmx-86mv/GHSA-33hj-rcmx-86mv.json	38.0.0