| purl | pkg:rpm/redhat/eap7-wildfly@7.3.9-2.GA_redhat_00002.1?arch=el8eap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-14ff-vn3t-vyhy Aliases: CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964 | Undertow vulnerable to memory exhaustion due to buffer leak: Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service. | There are no reported fixed by versions. |
| VCID-gsr8-1dea-effx Aliases: CVE-2021-3597, GHSA-mfhv-gwf8-4m88 | undertow Race Condition vulnerability: A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | There are no reported fixed by versions. |
| VCID-msck-u3y4-tqcn Aliases: CVE-2021-29425, GHSA-gwrp-pvrq-jmwv | Path Traversal and Improper Input Validation in Apache Commons IO: In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | There are no reported fixed by versions. |
| VCID-ppap-96ds-9ygc Aliases: CVE-2021-3644, GHSA-w88m-2936-rmxr | wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault: A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. | There are no reported fixed by versions. |
| VCID-ysp6-t713-ffgr Aliases: CVE-2021-28170, GHSA-v6w3-2prq-h95f | Improper Input Validation in Jakarta Expression Language: In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:02:37.565778+00:00 | RedHat Importer | Affected by | VCID-ysp6-t713-ffgr | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28170.json | 38.0.0 |
| 2026-04-01T14:02:33.630442+00:00 | RedHat Importer | Affected by | VCID-msck-u3y4-tqcn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29425.json | 38.0.0 |
| 2026-04-01T14:02:01.644993+00:00 | RedHat Importer | Affected by | VCID-gsr8-1dea-effx | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json | 38.0.0 |
| 2026-04-01T14:01:52.157201+00:00 | RedHat Importer | Affected by | VCID-ppap-96ds-9ygc | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3644.json | 38.0.0 |
| 2026-04-01T14:01:44.537355+00:00 | RedHat Importer | Affected by | VCID-14ff-vn3t-vyhy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json | 38.0.0 |