Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/204983?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/204983?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.34.Final", "type": "maven", "namespace": "io.undertow", "name": "undertow-core", "version": "2.0.34.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.3.20.Final", "latest_non_vulnerable_version": "2.4.0.Beta1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53957?format=api", "vulnerability_id": "VCID-14ff-vn3t-vyhy", "summary": "Undertow vulnerable to memory exhaustion due to buffer leak\nBuffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3690.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3690" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-3690#cve-cvss-v3" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51106", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.512", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51214", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51236", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51192", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51195", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51183", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51159", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991299" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/c7e84a0b7efced38506d7d1dfea5902366973877" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-1935", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-1935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3690" }, { "reference_url": "https://www.mend.io/vulnerability-database/CVE-2021-3690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mend.io/vulnerability-database/CVE-2021-3690" }, { "reference_url": "https://github.com/advisories/GHSA-fj7c-vg2v-ccrm", "reference_id": "GHSA-fj7c-vg2v-ccrm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fj7c-vg2v-ccrm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3216", "reference_id": "RHSA-2021:3216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3217", "reference_id": "RHSA-2021:3217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3218", "reference_id": "RHSA-2021:3218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3219", "reference_id": "RHSA-2021:3219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3425", "reference_id": "RHSA-2021:3425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3466", "reference_id": "RHSA-2021:3466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3467", "reference_id": "RHSA-2021:3467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3468", "reference_id": "RHSA-2021:3468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3471", "reference_id": "RHSA-2021:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3516", "reference_id": "RHSA-2021:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3656", "reference_id": "RHSA-2021:3656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3658", "reference_id": "RHSA-2021:3658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3660", "reference_id": "RHSA-2021:3660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1029", "reference_id": "RHSA-2022:1029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81439?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.40", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/84197?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.40.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-k6c9-mckm-cyhy" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-sxup-wzjc-tue1" }, { "vulnerability": "VCID-urxh-sp91-kuet" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/81440?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/143962?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.10.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.10.Final" } ], "aliases": [ "CVE-2021-3690", "GHSA-fj7c-vg2v-ccrm", "GMS-2022-2964" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14ff-vn3t-vyhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17350?format=api", "vulnerability_id": "VCID-1vrj-chs2-d3ab", "summary": "Undertow Denial of Service vulnerability\nA flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1675", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1676", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1677", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-1973" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.72602", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.72571", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.72609", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.7262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.72637", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.72587", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.72564", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00727", "scoring_system": "epss", "scoring_elements": "0.72614", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185662" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1973" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815", "reference_id": "1068815", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://github.com/advisories/GHSA-97cq-f4jm-mv8h", "reference_id": "GHSA-97cq-f4jm-mv8h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-97cq-f4jm-mv8h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57282?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.32.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.32.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/57285?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.13.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.13.Final" } ], "aliases": [ "CVE-2023-1973", "GHSA-97cq-f4jm-mv8h" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vrj-chs2-d3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15579?format=api", "vulnerability_id": "VCID-2cv5-9v62-kfbm", "summary": "Undertow Path Traversal vulnerability\nA path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1674", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1676", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1677", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2024:1677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2763", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2764" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1459", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1459" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.9307", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93073", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93081", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93085", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.9309", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10104", "scoring_system": "epss", "scoring_elements": "0.93088", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1556", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1556" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2339", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-2339" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1459" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241122-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241122-0008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816", "reference_id": "1068816", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-v76w-3ph8-vm66", "reference_id": "GHSA-v76w-3ph8-vm66", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v76w-3ph8-vm66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54465?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.31.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.31.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/54464?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.12.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.12.Final" } ], "aliases": [ "CVE-2024-1459", "GHSA-v76w-3ph8-vm66" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2cv5-9v62-kfbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79134?format=api", "vulnerability_id": "VCID-4v1f-kt5y-w7d1", "summary": "Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57338", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57366", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57368", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57383", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57363", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00521", "scoring_system": "epss", "scoring_elements": "0.66803", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506", "reference_id": "2117506", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117506" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764", "reference_id": "CVE-2022-2764", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2764" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8790", "reference_id": "RHSA-2022:8790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8791", "reference_id": "RHSA-2022:8791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8792", "reference_id": "RHSA-2022:8792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8793", "reference_id": "RHSA-2022:8793", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8793" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/326809?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.20.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/324342?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final" } ], "aliases": [ "CVE-2022-2764" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4v1f-kt5y-w7d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20196?format=api", "vulnerability_id": "VCID-5585-a76n-zubf", "summary": "Allocation of Resources Without Limits or Throttling\nA flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user could to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4509", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4509" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34005", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34108", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34028", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34139", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33999", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34073", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5379" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242099" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055", "reference_id": "1059055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_id": "cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-5379", "reference_id": "CVE-2023-5379", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-5379" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379", "reference_id": "CVE-2023-5379", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57012?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.11.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.11.Final" } ], "aliases": [ "CVE-2023-5379" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5585-a76n-zubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79542?format=api", "vulnerability_id": "VCID-62gn-nwup-8uat", "summary": "undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.5052", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50576", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50604", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50557", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50608", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50614", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1259" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339", "reference_id": "2072339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072339" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-1259", "reference_id": "CVE-2022-1259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2022-1259" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259", "reference_id": "CVE-2022-1259", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6821", "reference_id": "RHSA-2022:6821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6822", "reference_id": "RHSA-2022:6822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6823", "reference_id": "RHSA-2022:6823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6825", "reference_id": "RHSA-2022:6825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8761", "reference_id": "RHSA-2022:8761", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8761" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/326809?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.20.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final" } ], "aliases": [ "CVE-2022-1259" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62gn-nwup-8uat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35684?format=api", "vulnerability_id": "VCID-73st-24ck-uydb", "summary": "HTTP Request Smuggling in Undertow\nA flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31396", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3139", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31527", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31474", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31432", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10687" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785049" }, { "reference_url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10687" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0015", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0015" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0015/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0015/" }, { "reference_url": "https://github.com/advisories/GHSA-p9w3-gwc2-cr49", "reference_id": "GHSA-p9w3-gwc2-cr49", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9w3-gwc2-cr49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872", "reference_id": "RHSA-2021:0872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873", "reference_id": "RHSA-2021:0873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874", "reference_id": "RHSA-2021:0874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885", "reference_id": "RHSA-2021:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0885" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74182?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final" } ], "aliases": [ "CVE-2020-10687", "GHSA-p9w3-gwc2-cr49" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-73st-24ck-uydb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19187?format=api", "vulnerability_id": "VCID-7yc7-e35f-8uhj", "summary": "Uncontrolled Resource Consumption\nA flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4505", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4505" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4507", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4509", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4509" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4918", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4919", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4920", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4921", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4921" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4924", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7247", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7247" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75305", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75328", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75346", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75358", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75296", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00879", "scoring_system": "epss", "scoring_elements": "0.75379", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3223" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209689" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893", "reference_id": "1054893", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1", "reference_id": "cpe:/a:redhat:integration:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_id": "cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13", "reference_id": "cpe:/a:redhat:openstack-optools:13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.5", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-3223", "reference_id": "CVE-2023-3223", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-3223" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223", "reference_id": "CVE-2023-3223", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3223" }, { "reference_url": "https://github.com/advisories/GHSA-65h2-wf7m-q2v8", "reference_id": "GHSA-65h2-wf7m-q2v8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65h2-wf7m-q2v8" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0004/", "reference_id": "ntap-20231027-0004", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56062?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.24.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final" } ], "aliases": [ "CVE-2023-3223", "GHSA-65h2-wf7m-q2v8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yc7-e35f-8uhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79532?format=api", "vulnerability_id": "VCID-93ut-2de3-ckc5", "summary": "undertow: Double AJP response for 400 from EAP 7 results in CPING failures", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78805", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78812", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78841", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78825", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.7885", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78856", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01193", "scoring_system": "epss", "scoring_elements": "0.78853", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1319" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://issues.redhat.com/browse/UNDERTOW-2060" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448", "reference_id": "1016448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890", "reference_id": "2073890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073890" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2022-1319", "reference_id": "CVE-2022-1319", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2022-1319" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319", "reference_id": "CVE-2022-1319", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1319" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4918", "reference_id": "RHSA-2022:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4919", "reference_id": "RHSA-2022:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4922", "reference_id": "RHSA-2022:4922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7409", "reference_id": "RHSA-2022:7409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7410", "reference_id": "RHSA-2022:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7411", "reference_id": "RHSA-2022:7411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7417", "reference_id": "RHSA-2022:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8761", "reference_id": "RHSA-2022:8761", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8761" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/993932?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/324340?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.17.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/326809?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.20.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/324342?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final" } ], "aliases": [ "CVE-2022-1319" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93ut-2de3-ckc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53733?format=api", "vulnerability_id": "VCID-cf5j-2dz8-7bbu", "summary": "Undertow vulnerable to Denial of Service (DoS) attacks\nUndertow client side invocation timeout raised when calling over HTTP2, this vulnerability can allow attacker to carry out denial of service (DoS) attacks in versions less than 2.2.15 Final.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3859.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-3859", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-3859" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3859", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54154", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54104", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54054", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54051", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.5408", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54115", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54135", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54034", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010378" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1296", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1296" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-1979", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-1979" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3859" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221201-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221201-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221201-0004/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221201-0004/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983", "reference_id": "1015983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015983" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3859", "reference_id": "CVE-2021-3859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2021-3859" }, { "reference_url": "https://github.com/advisories/GHSA-339q-62wm-c39w", "reference_id": "GHSA-339q-62wm-c39w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-339q-62wm-c39w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0400", "reference_id": "RHSA-2022:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0400" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0401", "reference_id": "RHSA-2022:0401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0404", "reference_id": "RHSA-2022:0404", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0404" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0405", "reference_id": "RHSA-2022:0405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0406", "reference_id": "RHSA-2022:0406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0407", "reference_id": "RHSA-2022:0407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0408", "reference_id": "RHSA-2022:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0409", "reference_id": "RHSA-2022:0409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0410", "reference_id": "RHSA-2022:0410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0415", "reference_id": "RHSA-2022:0415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81281?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/324338?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.15.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.15.Final" } ], "aliases": [ "CVE-2021-3859", "GHSA-339q-62wm-c39w", "GMS-2022-2963" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cf5j-2dz8-7bbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55055?format=api", "vulnerability_id": "VCID-gsr8-1dea-effx", "summary": "undertow Race Condition vulnerability\nA flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3597", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38215", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38246", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38066", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38196", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38188", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38138", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3597" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970930" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3597" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220804-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220804-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220804-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220804-0003/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861", "reference_id": "989861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861" }, { "reference_url": "https://github.com/advisories/GHSA-mfhv-gwf8-4m88", "reference_id": "GHSA-mfhv-gwf8-4m88", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mfhv-gwf8-4m88" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3466", "reference_id": "RHSA-2021:3466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3467", "reference_id": "RHSA-2021:3467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3468", "reference_id": "RHSA-2021:3468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3471", "reference_id": "RHSA-2021:3471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3516", "reference_id": "RHSA-2021:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3534", "reference_id": "RHSA-2021:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3656", "reference_id": "RHSA-2021:3656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3658", "reference_id": "RHSA-2021:3658", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3658" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3660", "reference_id": "RHSA-2021:3660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82234?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.39.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-k6c9-mckm-cyhy" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-sxup-wzjc-tue1" }, { "vulnerability": "VCID-urxh-sp91-kuet" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.39.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/82233?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.9.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.9.Final" } ], "aliases": [ "CVE-2021-3597", "GHSA-mfhv-gwf8-4m88" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsr8-1dea-effx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35668?format=api", "vulnerability_id": "VCID-k6c9-mckm-cyhy", "summary": "HTTP Request Smuggling in Undertow\nA flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.3782", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37803", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37854", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37845", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37881", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37719", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37867", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.379", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10719" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10719" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0014" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0014/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459", "reference_id": "1828459", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828459" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913", "reference_id": "969913", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913" }, { "reference_url": "https://github.com/advisories/GHSA-cccf-7xw3-p2vr", "reference_id": "GHSA-cccf-7xw3-p2vr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cccf-7xw3-p2vr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2058", "reference_id": "RHSA-2020:2058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2059", "reference_id": "RHSA-2020:2059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2060", "reference_id": "RHSA-2020:2060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2061", "reference_id": "RHSA-2020:2061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2813", "reference_id": "RHSA-2020:2813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3585", "reference_id": "RHSA-2020:3585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74083?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-bpuw-kn4r-6kau" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final" } ], "aliases": [ "CVE-2020-10719", "GHSA-cccf-7xw3-p2vr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6c9-mckm-cyhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25609?format=api", "vulnerability_id": "VCID-ns3p-22xg-q3bz", "summary": "Undertow MadeYouReset HTTP/2 DDoS Vulnerability\nA flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23143", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:23143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0383", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0384", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0386", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3891", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4915", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4916", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4917", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4917" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4924", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:4924" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-9784", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-9784" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81427", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81371", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81394", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81392", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.8142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81426", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81447", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01553", "scoring_system": "epss", "scoring_elements": "0.81435", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9784" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1778", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://github.com/undertow-io/undertow/pull/1778" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1802", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1802" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1803", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1803" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1804", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1804" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1805", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1805" }, { "reference_url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2598", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-2598" }, { "reference_url": "https://kb.cert.org/vuls/id/767506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/" } ], "url": "https://kb.cert.org/vuls/id/767506" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784" }, { "reference_url": "https://www.kb.cert.org/vuls/id/767506", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/767506" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694", "reference_id": "1117694", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4", "reference_id": "cpe:/a:redhat:apache_camel_hawtio:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14", "reference_id": "cpe:/a:redhat:apache_camel_spring_boot:4.14", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://github.com/advisories/GHSA-95h4-w6j8-2rp8", "reference_id": "GHSA-95h4-w6j8-2rp8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95h4-w6j8-2rp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/68853?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.38.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5585-a76n-zubf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.38.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/68854?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.20.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.20.Final" } ], "aliases": [ "CVE-2025-9784", "GHSA-95h4-w6j8-2rp8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ns3p-22xg-q3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56902?format=api", "vulnerability_id": "VCID-sxup-wzjc-tue1", "summary": "Improper Input Validation in Undertow\nA flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64302", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64329", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64315", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64342", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64223", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64281", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64331", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.6431", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64266", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770", "reference_id": "1752770", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "reference_url": "https://github.com/advisories/GHSA-2w73-fqqj-c92p", "reference_id": "GHSA-2w73-fqqj-c92p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2w73-fqqj-c92p" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2058", "reference_id": "RHSA-2020:2058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2059", "reference_id": "RHSA-2020:2059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2060", "reference_id": "RHSA-2020:2060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2061", "reference_id": "RHSA-2020:2061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2112", "reference_id": "RHSA-2020:2112", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2112" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3779", "reference_id": "RHSA-2020:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83232?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-beaj-uk9m-17be" }, { "vulnerability": "VCID-bpuw-kn4r-6kau" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/204989?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-bpuw-kn4r-6kau" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-k6c9-mckm-cyhy" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-urxh-sp91-kuet" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final" } ], "aliases": [ "CVE-2020-1757", "GHSA-2w73-fqqj-c92p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sxup-wzjc-tue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35291?format=api", "vulnerability_id": "VCID-urxh-sp91-kuet", "summary": "Allocation of Resources Without Limits or Throttling in Undertow\nA flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. This flaw may potentially lead to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53202", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53234", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53254", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53301", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53186", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.5325", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53209", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10705" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803241" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10705" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0014" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0014/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0014/" }, { "reference_url": "https://github.com/advisories/GHSA-g4cp-h53p-v3v8", "reference_id": "GHSA-g4cp-h53p-v3v8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g4cp-h53p-v3v8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2058", "reference_id": "RHSA-2020:2058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2059", "reference_id": "RHSA-2020:2059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2060", "reference_id": "RHSA-2020:2060", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2060" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2061", "reference_id": "RHSA-2020:2061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2511", "reference_id": "RHSA-2020:2511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2512", "reference_id": "RHSA-2020:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2513", "reference_id": "RHSA-2020:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2515", "reference_id": "RHSA-2020:2515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2905", "reference_id": "RHSA-2020:2905", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2905" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3585", "reference_id": "RHSA-2020:3585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16668", "reference_id": "RHSA-2025:16668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16668" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74083?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-bpuw-kn4r-6kau" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final" } ], "aliases": [ "CVE-2020-10705", "GHSA-g4cp-h53p-v3v8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urxh-sp91-kuet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19036?format=api", "vulnerability_id": "VCID-usz2-tufg-k7gz", "summary": "Undertow denial of service vulnerability\nA flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1184", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1185", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1512", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1513", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1514" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1516", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:1516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2135", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:2135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3883", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3884", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3885", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3888", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3954", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:3954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4612", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:4612" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68502", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68503", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.6852", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68546", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68534", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1108" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174246" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1457", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1457" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231020-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231020-0002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253", "reference_id": "1033253", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2", "reference_id": "cpe:/a:redhat:camel_quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1", "reference_id": "cpe:/a:redhat:integration:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6", "reference_id": "cpe:/a:redhat:jboss_fuse:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_id": "cpe:/a:redhat:openshift_application_runtimes:1.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13", "reference_id": "cpe:/a:redhat:openstack:13", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2", "reference_id": "cpe:/a:redhat:quarkus:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2", "reference_id": "cpe:/a:redhat:service_registry:2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-1108", "reference_id": "CVE-2023-1108", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-1108" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108", "reference_id": "CVE-2023-1108", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1108" }, { "reference_url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78", "reference_id": "GHSA-m4mm-pg93-fv78", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://github.com/advisories/GHSA-m4mm-pg93-fv78" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231020-0002/", "reference_id": "ntap-20231020-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231020-0002/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56062?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.24.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/56061?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.5.Final" } ], "aliases": [ "CVE-2023-1108", "GHSA-m4mm-pg93-fv78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-usz2-tufg-k7gz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53159?format=api", "vulnerability_id": "VCID-xftw-raz7-b7e1", "summary": "Undertow vulnerable to Dos via Large AJP request\nWhen a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in \"All workers are in error state\" and mod_cluster responds \"503 Service Unavailable\" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the \"retry\" timeout passes. However, luckily, mod_proxy_balancer has \"forcerecovery\" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding \"503 Service Unavailable\". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53747", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53682", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53681", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53733", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.5378", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.53763", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/1350", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/1350" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-2133", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-2133" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862", "reference_id": "2095862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095862" }, { "reference_url": "https://github.com/advisories/GHSA-95rf-557x-44g5", "reference_id": "GHSA-95rf-557x-44g5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95rf-557x-44g5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6821", "reference_id": "RHSA-2022:6821", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6822", "reference_id": "RHSA-2022:6822", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6822" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6823", "reference_id": "RHSA-2022:6823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6823" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6825", "reference_id": "RHSA-2022:6825", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6825" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8652", "reference_id": "RHSA-2022:8652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8652" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/993904?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-93ut-2de3-ckc5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/80820?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.19.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.19.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/80821?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2" }, { "url": "http://public2.vulnerablecode.io/api/packages/324342?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final" } ], "aliases": [ "CVE-2022-2053", "GHSA-95rf-557x-44g5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xftw-raz7-b7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16094?format=api", "vulnerability_id": "VCID-xme8-usmd-vqg3", "summary": "Undertow vulnerable to Race Condition\nA vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11023", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:11023" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6508", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6883", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:6883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7441", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7442", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7735", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7736", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:7736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8080", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:8080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16667", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16667" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0743", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0743" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-7885", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-7885" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93305", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93299", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.9332", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93321", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93317", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10699", "scoring_system": "epss", "scoring_elements": "0.93312", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7885" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7885", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7885" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241011-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241011-0004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854", "reference_id": "1082854", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4", "reference_id": "cpe:/a:redhat:apache_camel_hawtio:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7", "reference_id": "cpe:/a:redhat:apache_camel_spring_boot:3.20.7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2", "reference_id": "cpe:/a:redhat:apache_camel_spring_boot:4.4.2", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3", "reference_id": "cpe:/a:redhat:camel_spring_boot:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1", "reference_id": "cpe:/a:redhat:integration:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3", "reference_id": "cpe:/a:redhat:quarkus:3", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0", "reference_id": "cpe:/a:redhat:rhboac_hawtio:4.0.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0" }, { "reference_url": "https://github.com/advisories/GHSA-9623-mqmm-5rcf", "reference_id": "GHSA-9623-mqmm-5rcf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9623-mqmm-5rcf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55400?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.36.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.36.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/55411?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.3.17.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ns3p-22xg-q3bz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.17.Final" } ], "aliases": [ "CVE-2024-7885", "GHSA-9623-mqmm-5rcf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xme8-usmd-vqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58121?format=api", "vulnerability_id": "VCID-yn69-8upm-7yc2", "summary": "Undertow Uncontrolled Resource Consumption\nA flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52671", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52687", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52704", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52615", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52571", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52641", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52653", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52658", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52607", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3629" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977362" }, { "reference_url": "https://github.com/undertow-io/undertow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3629" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220729-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220729-0008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448", "reference_id": "1016448", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448" }, { "reference_url": "https://github.com/advisories/GHSA-rf6q-vx79-mjxr", "reference_id": "GHSA-rf6q-vx79-mjxr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rf6q-vx79-mjxr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4676", "reference_id": "RHSA-2021:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4677", "reference_id": "RHSA-2021:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4679", "reference_id": "RHSA-2021:4679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5149", "reference_id": "RHSA-2021:5149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5150", "reference_id": "RHSA-2021:5150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5151", "reference_id": "RHSA-2021:5151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5154", "reference_id": "RHSA-2021:5154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5170", "reference_id": "RHSA-2021:5170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0146", "reference_id": "RHSA-2022:0146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6407", "reference_id": "RHSA-2022:6407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6407" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84197?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.40.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-k6c9-mckm-cyhy" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-sxup-wzjc-tue1" }, { "vulnerability": "VCID-urxh-sp91-kuet" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/84198?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.11.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.11.Final" } ], "aliases": [ "CVE-2021-3629", "GHSA-rf6q-vx79-mjxr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn69-8upm-7yc2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52897?format=api", "vulnerability_id": "VCID-beaj-uk9m-17be", "summary": "Denial of service in Undertow\nA flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39893", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39918", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.399", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39928", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39751", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39905", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.3985", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27782" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901304" }, { "reference_url": "https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90" }, { "reference_url": "https://issues.redhat.com/browse/UNDERTOW-1813", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/UNDERTOW-1813" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27782" }, { "reference_url": "https://github.com/advisories/GHSA-rhcw-wjcm-9h6g", "reference_id": "GHSA-rhcw-wjcm-9h6g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rhcw-wjcm-9h6g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0246", "reference_id": "RHSA-2021:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0247", "reference_id": "RHSA-2021:0247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0248", "reference_id": "RHSA-2021:0248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0250", "reference_id": "RHSA-2021:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0295", "reference_id": "RHSA-2021:0295", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0295" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0327", "reference_id": "RHSA-2021:0327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3205", "reference_id": "RHSA-2021:3205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3207", "reference_id": "RHSA-2021:3207", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3207" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3425", "reference_id": "RHSA-2021:3425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80537?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-beaj-uk9m-17be" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/204983?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.34.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-k6c9-mckm-cyhy" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-sxup-wzjc-tue1" }, { "vulnerability": "VCID-urxh-sp91-kuet" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/80536?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-beaj-uk9m-17be" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/215337?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.6.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/231570?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.2.4.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.4.Final" } ], "aliases": [ "CVE-2020-27782", "GHSA-rhcw-wjcm-9h6g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-beaj-uk9m-17be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46035?format=api", "vulnerability_id": "VCID-bpuw-kn4r-6kau", "summary": "HTTP request smuggling in Undertow\nA flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39866", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39744", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39892", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.3992", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39843", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39898", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39911", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39921", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39886", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20220" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1923133" }, { "reference_url": "https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20220" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0013" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0013/" }, { "reference_url": "https://github.com/advisories/GHSA-qjwc-v72v-fq6r", "reference_id": "GHSA-qjwc-v72v-fq6r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjwc-v72v-fq6r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872", "reference_id": "RHSA-2021:0872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873", "reference_id": "RHSA-2021:0873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874", "reference_id": "RHSA-2021:0874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885", "reference_id": "RHSA-2021:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974", "reference_id": "RHSA-2021:0974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2210", "reference_id": "RHSA-2021:2210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2755", "reference_id": "RHSA-2021:2755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2755" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76628?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/204983?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.0.34.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-k6c9-mckm-cyhy" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-sxup-wzjc-tue1" }, { "vulnerability": "VCID-urxh-sp91-kuet" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/76627?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/215337?format=api", "purl": "pkg:maven/io.undertow/undertow-core@2.1.6.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14ff-vn3t-vyhy" }, { "vulnerability": "VCID-1vrj-chs2-d3ab" }, { "vulnerability": "VCID-2cv5-9v62-kfbm" }, { "vulnerability": "VCID-4v1f-kt5y-w7d1" }, { "vulnerability": "VCID-5585-a76n-zubf" }, { "vulnerability": "VCID-62gn-nwup-8uat" }, { "vulnerability": "VCID-73st-24ck-uydb" }, { "vulnerability": "VCID-7yc7-e35f-8uhj" }, { "vulnerability": "VCID-93ut-2de3-ckc5" }, { "vulnerability": "VCID-cf5j-2dz8-7bbu" }, { "vulnerability": "VCID-gsr8-1dea-effx" }, { "vulnerability": "VCID-ns3p-22xg-q3bz" }, { "vulnerability": "VCID-usz2-tufg-k7gz" }, { "vulnerability": "VCID-xftw-raz7-b7e1" }, { "vulnerability": "VCID-xme8-usmd-vqg3" }, { "vulnerability": "VCID-yn69-8upm-7yc2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final" } ], "aliases": [ "CVE-2021-20220", "GHSA-qjwc-v72v-fq6r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bpuw-kn4r-6kau" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final" }