{"url":"http://public2.vulnerablecode.io/api/packages/369845?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.28.Final","type":"maven","namespace":"io.undertow","name":"undertow-core","version":"1.3.28.Final","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.0.Beta1","latest_non_vulnerable_version":"2.4.0.Beta1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55523?format=json","vulnerability_id":"VCID-1gj2-hze9-tbbs","summary":"Undertow vulnerable to Request Smuggling\nIn Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their 
own.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7559.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7559","reference_id":"","reference_type":"","scores":[{"value":"0.01128","scoring_system":"epss","scoring_elements":"0.7861","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7559"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7559"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://issues.jboss.org/browse/UNDERTOW-1251","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/UNDERTOW-1251"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7559","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_tex
tual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7559"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1481665","reference_id":"1481665","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1481665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576","reference_id":"885576","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576"},{"reference_url":"https://github.com/advisories/GHSA-rj76-h87p-r3wf","reference_id":"GHSA-rj76-h87p-r3wf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rj76-h87p-r3wf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/115288?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.31.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerabilit
y":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/115282?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.17.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/115298?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/323893?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.1.Final","is_vulnerable":true,"a
ffected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final"}],"aliases":["CVE-2017-7559","GHSA-rj76-h87p-r3wf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gj2-hze9-tbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36319?format=json","vulnerability_id":"VCID-2s32-g9v8-gyea","summary":"undertow: AJP Request closes connection exceeding 
maxRequestSize","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4509","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4509"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5379","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36781","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5379"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055","reference_id":"1059055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059055"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242099","reference_id":"2242099","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242099"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores
":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_
brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6","reference_id":"cpe:/a:redhat:jboss_fuse:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0","reference_id":"cpe:/a:redhat:openshift_application_runtimes:1.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-5379","reference_id":"
CVE-2023-5379","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2023-12-18T21:09:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-5379"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5379","reference_id":"CVE-2023-5379","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5379"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35566?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.11.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.11.Final"}],"aliases":["CVE-2023-5379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2s32-g9v8-gyea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42003?format=json","vulnerability_id":"VCID-4dbr-frxv-effj","summary":"Allocation of Resources Without Limits or Throttling in Undertow\nA flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the \"Expect: 100-continue\" header may cause an out of memory error. 
This flaw may potentially lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10705","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53504","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10705"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1803241","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1803241"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10705","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10705"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0014","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0014"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"
https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3585","reference_id":"RHSA-2020:3585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16668","reference_id":"RHSA-2025:16668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75807?format=json","purl":"pkg:maven/io.undertow/undertow-core
@2.1.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final"}],"aliases":["CVE-2020-10705","GHSA-g4cp-h53p-v3v8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dbr-frxv-effj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18576?format=json","vulnerability_id":"VCID-56nd-2jar-fkgb","summary":"undertow: Undertow MadeYouReset HTTP/2 DDoS 
Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9784.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-9784","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-9784"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9784","reference_id":"","reference_type":"","scores":[{"value":"0.02234","scoring_system":"epss","scoring_elements":"0.84805","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9784"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1778","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://github.com/undertow-io/undertow/pull/1778"},{"reference_url":"https://github.com/
undertow-io/undertow/pull/1802","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1802"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1803","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1803"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1804","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1804"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1805","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1805"},{"reference_url":"https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-2598","reference_id"
:"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://issues.redhat.com/browse/UNDERTOW-2598"},{"reference_url":"https://kb.cert.org/vuls/id/767506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://kb.cert.org/vuls/id/767506"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9784","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-9784"},{"reference_url":"https://www.kb.cert.org/vuls/id/767506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/767506"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694","reference_id":"1117694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392306","reference_id":"2392306","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scorin
g_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392306"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4","reference_id":"cpe:/a:redhat:apache_camel_hawtio:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14","reference_id":"cpe:/a:redhat:apache_camel_spring_boot:4.14","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.14"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enter
prise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8","reference_type":"","scores":[],"url":"https://nvd.
nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:j
boss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"refere
nce_url":"https://github.com/advisories/GHSA-95h4-w6j8-2rp8","reference_id":"GHSA-95h4-w6j8-2rp8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-95h4-w6j8-2rp8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23143","reference_id":"RHSA-2025:23143","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0383","reference_id":"RHSA-2026:0383","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0384","reference_id":"RHSA-2026:0384","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0386","reference_id":"RHSA-2026:0386","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scor
ing_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3889","reference_id":"RHSA-2026:3889","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3891","reference_id":"RHSA-2026:3891","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3892","reference_id":"RHSA-2026:3892","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4915","reference_id":"RHSA-2026:4915","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements
":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4916","reference_id":"RHSA-2026:4916","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4917","reference_id":"RHSA-2026:4917","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4917"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4924","reference_id":"RHSA-2026:4924","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:4924"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62368?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.38.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.38.Final"},{"url":"http://
public2.vulnerablecode.io/api/packages/62369?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.20.Final"}],"aliases":["CVE-2025-9784","GHSA-95h4-w6j8-2rp8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56nd-2jar-fkgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10558?format=json","vulnerability_id":"VCID-5qmh-jjef-mkeu","summary":"Undertow Path Traversal vulnerability\nA path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1674","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1675","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:16
76","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1677","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2024:1677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2763","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2764","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2764"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"htt
ps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1459.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1459","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1459"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1459","reference_id":"","reference_type":"","scores":[{"value":"0.10104","scoring_system":"epss","scoring_elements":"0.9321","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1459"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259475","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T15:51:43Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2259475"},{"reference_url":"https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/40bb3314f013247af8e222870bd5045ca8650c5c"},{"reference_url":"https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_element
s":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/54f3e4325425c472f5af5fc973e02df83d7a711a"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1556","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1556"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-2339","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-2339"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1459","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1459"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241122-0008","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241122-0008"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816","reference_id":"1068816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:red
hat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_p
latform:8.0","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe
:/a:redhat:jboss_fuse:6","reference_id":"cpe:/a:redhat:jboss_fuse:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-v76w-3ph8-vm66","reference_id":"GHSA-v76w-3ph8-vm66","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v76w-3ph8-vm66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26809?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.31.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.31.
Final"},{"url":"http://public2.vulnerablecode.io/api/packages/26808?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.12.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.12.Final"}],"aliases":["CVE-2024-1459","GHSA-v76w-3ph8-vm66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qmh-jjef-mkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45601?format=json","vulnerability_id":"VCID-6u8h-sa9p-hfem","summary":"undertow: potential security issue in flow control over HTTP/2 may lead to DOS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3629","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52894","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3629"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3629","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system
":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3629"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220729-0008","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220729-0008"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448","reference_id":"1016448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977362","reference_id":"1977362","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1977362"},{"reference_url":"https://github.com/advisories/GHSA-rf6q-vx79-mjxr","reference_id":"GHSA-rf6q-vx79-mjxr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rf6q-vx79-mjxr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4676","reference_id":"RHSA-2021:4676","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4677","reference_id":"RHSA-2021:4677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4679","reference_id":"RHSA-2021:4679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4679"},{"reference_u
rl":"https://access.redhat.com/errata/RHSA-2021:4767","reference_id":"RHSA-2021:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4767"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5134","reference_id":"RHSA-2021:5134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5149","reference_id":"RHSA-2021:5149","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5150","reference_id":"RHSA-2021:5150","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5151","reference_id":"RHSA-2021:5151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5154","reference_id":"RHSA-2021:5154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5170","reference_id":"RHSA-2021:5170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0146","reference_id":"RHSA-2022:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1179","reference_id":"RHSA-2022:1179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1179"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6407","reference_id":"RHSA-2022:6407","reference_type":"","scores":[],"u
rl":"https://access.redhat.com/errata/RHSA-2022:6407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/178928?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.40.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.40.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/178930?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.11.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.11.Final"}],"aliases":["CVE-2021-3629","GHSA-rf6q-vx79-mjxr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6u8h-sa9p-hfem"},{"url":"http://
public2.vulnerablecode.io/api/vulnerabilities/49688?format=json","vulnerability_id":"VCID-6z8a-xkn1-5fg4","summary":"undertow: AJP File Read/Inclusion Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70746","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745"},{"reference_url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CV
E-2020-1745"},{"reference_url":"https://www.cnvd.org.cn/webinfo/show/5415","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cnvd.org.cn/webinfo/show/5415"},{"reference_url":"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807305","reference_id":"1807305","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0812","reference_id":"RHSA-2020:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0813","reference_id":"RHSA-2020:0813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0952","reference_id":"RHSA-2020:0952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0961","reference_id":"RHSA-2020:0961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0962","reference_id":"RHSA-2020:0962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0962"},{"reference_u
rl":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"u
rl":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/446096?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.30.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/181048?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.30","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30"}],"aliases":["CVE-2020-17
45","GHSA-gv2w-88hx-8m9r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6z8a-xkn1-5fg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48499?format=json","vulnerability_id":"VCID-7k6w-u4en-z3fp","summary":"Credential exposure through log files in Undertow\nA vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2439","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2998","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3888","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68405","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3888","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3888"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0019","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0019"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0019/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220210-0019/"},{"reference_url":"http://www.securityfocus.com/bid/108739","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://w
ww.securityfocus.com/bid/108739"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693777","reference_id":"1693777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349","reference_id":"930349","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349"},{"reference_url":"https://github.com/advisories/GHSA-jwgx-9mmh-684w","reference_id":"GHSA-jwgx-9mmh-684w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jwgx-9mmh-684w"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1419","reference_id":"RHSA-2019:1419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1420","reference_id":"RHSA-2019:1420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1421","reference_id":"RHSA-2019:1421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1424","reference_id":"RHSA-2019:1424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83601?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21"},{"url":"http://public2.vulnerablecode.io/api/packages/370484?format
=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.21.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final"}],"aliases":["CVE-2019-3888","GHSA-jwgx-9mmh-684w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7k6w-u4en-z3fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11358?format=json","vulnerability_id":"VCID-b79t-d8hn-fuad","summary":"Undertow vulnerable to Race Condition\nA vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. 
This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:11023","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:11023"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6508","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6883","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6883"},{"reference_url":"https://access.redhat
.com/errata/RHSA-2024:7441","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:7441"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7442","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:7442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7735","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:7735"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:7736","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"
value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:7736"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8080","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16667","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:16667"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0743","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_e
lements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0743"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7885.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7885","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-7885"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7885","reference_id":"","reference_type":"","scores":[{"value":"0.10699","scoring_system":"epss","scoring_elements":"0.93439","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7885"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2305290","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/"}],"url":"https://bugz
illa.redhat.com/show_bug.cgi?id=2305290"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/blob/182e4ca1543c52f438b0244c930dca3d8b6e68e3/core/src/main/java/io/undertow/server/protocol/proxy/ProxyProtocolReadListener.java"},{"reference_url":"https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1"},{"reference_url":"https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1",
"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7885","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7885"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241011-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241011-0004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854","reference_id":"1082854","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082854"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4","reference_id":"cpe:/a:redhat:apache_camel_hawtio:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&qu
ery=cpe:/a:redhat:apache_camel_spring_boot:3.20.7","reference_id":"cpe:/a:redhat:apache_camel_spring_boot:3.20.7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:3.20.7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2","reference_id":"cpe:/a:redhat:apache_camel_spring_boot:4.4.2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_spring_boot:4.4.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3","reference_id":"cpe:/a:redhat:camel_spring_boot:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1","reference_id":"cpe:/a:redhat:integration:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbo
ss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/re
sults?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameS
earch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3","reference_id":"cpe:/a:redhat:quarkus:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0","reference_id":"cpe:/a:redhat:rhboac_hawtio:4.0.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhboac_hawtio:4.0.0"},{"reference_url":"https://github.com/advisories/GHSA-9623-mqmm-5rcf","reference_id":"GHSA-9623-mqmm-5rcf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1
_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9623-mqmm-5rcf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33139?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.36.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.36.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/33150?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.17.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.17.Final"}],"aliases":["CVE-2024-7885","GHSA-9623-mqmm-5rcf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b79t-d8hn-fuad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56943?format=json","vulnerability_id":"VCID-b89n-h213-ebg6","summary":"undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security 
bypass","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1757","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.646","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1757","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752770","reference_id":"1752770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-20
20:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-20
24:5856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/446106?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/155511?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-xnx2-x6a6-nfgc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0"}],"aliases":["CVE-2020-1757","GHSA-2w73-fqqj-c92p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b89n-h213-ebg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45194?format=json","vulnerability_id":"VCID-cj8u-t2nv-rudr","summary":"undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to 
DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3597.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3597","reference_id":"","reference_type":"","scores":[{"value":"0.00169","scoring_system":"epss","scoring_elements":"0.37873","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3597"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3597","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3597"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220804-0003","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220804-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220804-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220804-0003/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970930","reference_i
d":"1970930","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970930"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861","reference_id":"989861","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989861"},{"reference_url":"https://github.com/advisories/GHSA-mfhv-gwf8-4m88","reference_id":"GHSA-mfhv-gwf8-4m88","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mfhv-gwf8-4m88"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3466","reference_id":"RHSA-2021:3466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3467","reference_id":"RHSA-2021:3467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3468","reference_id":"RHSA-2021:3468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3471","reference_id":"RHSA-2021:3471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3516","reference_id":"RHSA-2021:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3534","reference_id":"RHSA-2021:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3656","reference_id":"RHSA-2021:3656","reference_t
ype":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3658","reference_id":"RHSA-2021:3658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3660","reference_id":"RHSA-2021:3660","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3660"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5134","reference_id":"RHSA-2021:5134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1179","reference_id":"RHSA-2022:1179","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1179"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119513?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.39.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.39.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/119512?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.9.Final","is_vulnerable":true,"affected_by_vulnerabiliti
es":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.9.Final"}],"aliases":["CVE-2021-3597","GHSA-mfhv-gwf8-4m88"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cj8u-t2nv-rudr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35982?format=json","vulnerability_id":"VCID-dgdt-rbkt-rufb","summary":"Undertow vulnerable to denial of service\nA flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. 
If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4505","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4506","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4507","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4509","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:0
7:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4509"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4918","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4919","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4920","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4921","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4921"},{"reference_url":"https:/
/access.redhat.com/errata/RHSA-2023:4924","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7247","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:7247"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3223.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3223","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-3223"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3223","reference_id":"","reference_type":"","scores":[{"value":"0.00649","scoring_system":"epss","scoring_elements":"0.71132","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.fi
rst.org/data/v1/epss?cve=CVE-2023-3223"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2209689","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2209689"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3223","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3223"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231027-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231027-0004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893","reference_id":"1054893","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054893"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1","reference_id":"cpe:/a:redhat:integration:1","reference_type":"","scores"
:[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.ni
st.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6","reference_id":"cpe:/a:redhat:jboss_fuse:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isC
peNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0","reference_id":"cpe:/a:redhat:openshift_application_runtimes:1.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13","reference_id":"cpe:/a:redhat:openstack-optools:13","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack-optools:13"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.5","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.5"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSe
arch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://github.com/advisories/GHSA-65h2-wf7m-q2v8","reference_id":"GHSA-65h2-wf7m-q2v8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-65h2-wf7m-q2v8"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231027-0004/","reference_id":"ntap-20231027-0004","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc
","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231027-0004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68056?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.24.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final"}],"aliases":["CVE-2023-3223","GHSA-65h2-wf7m-q2v8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgdt-rbkt-rufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61470?format=json","vulnerability_id":"VCID-dhpt-822y-fybs","summary":"undertow: improper whitespace parsing leading to potential HTTP request 
smuggling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12165","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78297","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12165"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"c
vssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-1251","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-1251"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12165","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12165"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490301","reference_id":"1490301","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490301"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338","reference_id":"885338","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338"},{"reference_url":"https://github.com/advisories/GHSA-5gg7-5wv8-4gcj","reference_id":"GHSA-5gg7-5wv8-4gcj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"ht
tps://github.com/advisories/GHSA-5gg7-5wv8-4gcj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80968?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31"},{"url":"http://public2.vulnerablecode.io/api/packages/115288?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.31.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/80969?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@
1.4.17"},{"url":"http://public2.vulnerablecode.io/api/packages/115282?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.17.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/185579?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-e
bg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-qx1b-zka2-8ff4"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/323893?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID
-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final"}],"aliases":["CVE-2017-12165","GHSA-5gg7-5wv8-4gcj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhpt-822y-fybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42067?format=json","vulnerability_id":"VCID-er9t-muu3-r7cy","summary":"undertow: Large AJP request may cause DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2053","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.53979","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095862&comment#0"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1350","reference_id":"","reference_type":"","scores":[{"value":"7.
5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1350"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-2133","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-2133"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2053","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095862","reference_id":"2095862","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095862"},{"reference_url":"https://github.com/advisories/GHSA-95rf-557x-44g5","reference_id":"GHSA-95rf-557x-44g5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95rf-557x-44g5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6821","reference_id":"RHSA-2022:6821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6822","reference_id":"RHSA-2022:6822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6823","reference_id":"RHSA-2022:6823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6823"},{"reference_url":"https://access.redhat
.com/errata/RHSA-2022:6825","reference_id":"RHSA-2022:6825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8652","reference_id":"RHSA-2022:8652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8652"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87374?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.19.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.19.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/87376?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.0.Alpha2"},{"url":"http://public2.vulnerablecode.io/api/packages/566401?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-uf
e4"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-vmpj-hkf3-97fa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final"}],"aliases":["CVE-2022-2053","GHSA-95rf-557x-44g5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-er9t-muu3-r7cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57960?format=json","vulnerability_id":"VCID-fg6n-kzd6-vkbz","summary":"undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0362","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0364","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0365","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0380","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","
scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1106","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1107","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1108","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1140","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1140"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14642","reference_id":"","reference_type":"","scores":[{"value":"0.00708","sc
oring_system":"epss","scoring_elements":"0.72503","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14642"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14642","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14642"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628702","reference_id":"1628702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796","reference_id":"911796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796"},{"reference_url":"https://github.com/advisories/GHSA-vf6r-mmhc-3xcm","reference_id":"GHSA-vf6r-mmhc-3xcm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vf6r-mmhc-3xcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/418123?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.15.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"v
ulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/369998?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/174620?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.19.FINAL","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL"}],"aliases":["CVE-2018-14642","GHSA-vf6r-mmhc-3xcm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fg6n-kzd6-vkbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12342?format=json","vulnerability_id":"VCID-hhvw-7kaq-ufe4","summary":"Undertow Denial of Service vulnerability\nA flaw was found in Undertow package. 
Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1674","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1675","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1676","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"http
s://access.redhat.com/errata/RHSA-2024:1676"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1677","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1677"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2763","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2764","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2764"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json","reference_id":"","referen
ce_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1973.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-1973","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-1973"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1973","reference_id":"","reference_type":"","scores":[{"value":"0.00727","scoring_system":"epss","scoring_elements":"0.72929","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1973"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185662","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185662"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"c
vssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258"},{"reference_url":"https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1973","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1973"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815","reference_id":"1068815","reference_type":"","scores":[],"url":"
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068815"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_
type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://github.com/advisories/GHSA-97cq-f4jm-mv8h","reference_id":"GHSA-97cq-f4jm-mv8h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-97cq-f4jm-mv8h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36690?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.32.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.32.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/36706?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.13.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"
resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.13.Final"}],"aliases":["CVE-2023-1973","GHSA-97cq-f4jm-mv8h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhvw-7kaq-ufe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42845?format=json","vulnerability_id":"VCID-jwt3-xhp2-qkgu","summary":"undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1259","reference_id":"","reference_type":"","scores":[{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63449","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072339","reference_id":"2072339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072339"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-1259","reference_id":"CVE-2022-1259","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2022-1259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1259","reference_id":"CVE-2022-1259","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/er
rata/RHSA-2022:6821","reference_id":"RHSA-2022:6821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6822","reference_id":"RHSA-2022:6822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6823","reference_id":"RHSA-2022:6823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6825","reference_id":"RHSA-2022:6825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8761","reference_id":"RHSA-2022:8761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8761"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/568864?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-vmpj-hkf3-97fa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final"}],"aliases":["CVE-2022-1259"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwt3-xhp2-qkgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45063?format=json","vulnerability_id":"VCID-kp1y-8r1t-n3dw","summary":"HTTP request smuggling in Undertow\nA flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. 
HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20220","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39611","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1923133","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1923133"},{"reference_url":"https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20220","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_element
s":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20220"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0013","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0872","reference_id":"RHSA-2021:0872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0873","reference_id":"RHSA-2021:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0874","reference_id":"RHSA-2021:0874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0885","reference_id":"RHSA-2021:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2210","reference_id":"RHSA-2021:2210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2755","reference_id":"RHSA-2021:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/446100?format=json","purl":"pkg:maven/io.undert
ow/undertow-core@2.0.34.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/78930?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.34","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34"},{"url":"http://public2.vulnerablecode.io/api/packages/456835?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.6.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http
://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/78928?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6"}],"aliases":["CVE-2021-20220","GHSA-qjwc-v72v-fq6r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kp1y-8r1t-n3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48423?format=json","vulnerability_id":"VCID-rvcq-je5x-uqem","summary":"Potential to access user credentials from the log files when debug logging enabled\nA flaw was found in all Undertow versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2998","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://access.redh
at.com/hydra/rest/securitydata/cve/CVE-2019-10212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10212","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63821","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10212","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10212"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0017"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0017/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220210-0017/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731984","reference_id":"1731984","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731984"},{"reference_url":"https://github.com/advisories/GHSA-8vh8-vc28-m2hf","reference_id":"GHSA-8vh8-vc28-m2hf","reference_type":"","scores":[{"value":
"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8vh8-vc28-m2hf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/430824?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/83526?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.20","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20"}],"aliases":["CVE-2019-10212","GHSA-8vh8-vc28-m2hf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvcq-je5x-uqem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58209?format=json","vulnerability_id":"VCID-s8gt-xt5k-tkeu","summary":"Improper Neutralization of CRLF Sequences in HTTP Headers in 
Undertow\nIn Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1247","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1248","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1251","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1251"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2643","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/A
C:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1067","reference_id":"","reference_type":"","scores":[{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70527","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067"},{"reference_url":"https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8"},{"reference_url":"https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/f40
4cb68448c188f4d51b085b7fe4ac32bde26e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1067","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550671","reference_id":"1550671","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550671"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323","reference_id":"900323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323"},{"reference_url":"https://github.com/advisories/GHSA-47mp-rq2x-wjf2","reference_id":"GHSA-47mp-rq2x-wjf2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47mp-rq2x-wjf2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2562","reference_id":"RHSA-2020:2562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145988?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.25.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-v
kbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/145993?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final"}],"aliases":["CVE-2018-1067","GHSA-47mp-rq2x-wjf2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulne
rablecode.io/vulnerabilities/VCID-s8gt-xt5k-tkeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7590?format=json","vulnerability_id":"VCID-sxhu-antn-yyau","summary":"undertow: Undertow: Denial of Service due to premature multipart/form-data parsing in GET requests","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3260.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3260.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3260","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:31:14Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3260"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3260","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.6498","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3260"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"
value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/releases/tag/2.4.0.Beta1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3260","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3260"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134949","reference_id":"1134949","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134949"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443010","reference_id":"2443010","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T12:31:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443010"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4","reference_id":"cpe:/a:redhat:apache_camel_hawtio:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:apache_camel_hawtio:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4","reference_id":"cpe:/a:redhat:camel_spring_boot:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_spring_boot:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=tr
ue&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.go
v/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://github.com/advisories/GHSA-3x3v-w654-m28m","reference_id":"GHSA-3x3v-w654-m28m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3x3v-w654-m28m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53640?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.4.0.Beta1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.4.0.Beta1"}]
,"aliases":["CVE-2026-3260","GHSA-3x3v-w654-m28m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxhu-antn-yyau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59019?format=json","vulnerability_id":"VCID-t7ps-myp7-4uaw","summary":"Uncontrolled Resource Consumption in Undertow\nIt was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2643","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114
.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1114","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72479","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1114"},{"reference_url":"https://bugs.openjdk.java.net/browse/JDK-6956385","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.openjdk.java.net/browse/JDK-6956385"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114"},{"reference_url":"https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e"},{"reference_url":"https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64"},{"reference_url":"https://issues.jboss.org/browse/UNDERTOW-1338","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/UNDERTOW-1338"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1114","reference_id":"","referenc
e_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1114"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1573045","reference_id":"1573045","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1573045"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247","reference_id":"897247","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247"},{"reference_url":"https://github.com/advisories/GHSA-gjjx-gqm4-wcgm","reference_id":"GHSA-gjjx-gqm4-wcgm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gjjx-gqm4-wcgm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/145988?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.25.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-r
bep"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/369989?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/145993?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final"}],"aliases":["CVE-2018-1114","GHSA-gjjx-gqm4-wcgm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t7ps
-myp7-4uaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42814?format=json","vulnerability_id":"VCID-ttgy-5eyg-9ua6","summary":"undertow: Double AJP response for 400 from EAP 7 results in CPING failures","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1319","reference_id":"","reference_type":"","scores":[{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.7916","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1319"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b"},{"reference_url":"https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-2060","reference_id":"","reference_type":"","scores":[],"url":"https://issues.redhat.com/browse/UNDERTOW-2060"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448","reference_id":"1016448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073890","reference_id":"2073890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073890"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-1319"
,"reference_id":"CVE-2022-1319","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2022-1319"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1319","reference_id":"CVE-2022-1319","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8761","reference_id":"RHSA-2022:8761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8761
"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/566399?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.17.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.17.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/568864?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-vmpj-hkf3-97fa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/566401?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-vmpj-hkf3-97fa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final"}],"aliases":["CVE-2022-1319"],"risk_score":null,"exploitabi
lity":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttgy-5eyg-9ua6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54842?format=json","vulnerability_id":"VCID-tzhy-f227-rbep","summary":"Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow\nIt was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the url, which may lead to path traversal and result in the information disclosure of arbitrary local files.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0478","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0479","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0480","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0481","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","
scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0481"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1048","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66706","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1048"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534343","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534343"},{"reference_url":"https://cwe.mitre.org/data/definitions/22.html","reference_id":"","reference_type":"","scores":[],"url":"https://cwe.mitre.org/data/definitions/22.html"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1048","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1048"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928","reference_id":"891928","reference_type":"","scores":[],"url":"https://bug
s.debian.org/cgi-bin/bugreport.cgi?bug=891928"},{"reference_url":"https://github.com/advisories/GHSA-prfw-3qx6-g9xr","reference_id":"GHSA-prfw-3qx6-g9xr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prfw-3qx6-g9xr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/185579?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-qx1b-zka2-8ff4"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1"}],"aliases":["CVE-2018-1048","GHSA-prfw-3qx6-g9xr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tzhy-f227-rbep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59579?format=json","vulnerability_id":"VCID-vj7w-rdxh-t7fa","summary":"
Incorrect Authorization in Undertow\nUndertow before versions 1.4.18.SP1 (not findable in Maven), 2.0.2.Final, and 1.4.24.Final was found vulnerable when using Digest authentication: the server does not ensure that the value of URI in the Authorization header matches the URI in the HTTP request line. This allows an attacker to carry out a MITM attack and access the desired content on the server.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0478","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0479","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0480","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0481","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1525","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"c
vssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2405","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3768","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3768"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12196","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_system":"epss","scoring_elements":"0.67548","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196"},{"reference_url":"https://github.com/undertow-io/under
tow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870"},{"reference_url":"https://issues.jboss.org/browse/UNDERTOW-1190","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/UNDERTOW-1190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12196","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503055","reference_id":"1503055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503055"},{"reference_url":"https://github.com/advisories/GHSA-cp7v-vmv7-6x2q","reference_id":"GHSA-cp7v-vmv7-6x2q","
reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cp7v-vmv7-6x2q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2561","reference_id":"RHSA-2020:2561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2562","reference_id":"RHSA-2020:2562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/369448?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.19.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.19.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/155303?format=
json","purl":"pkg:maven/io.undertow/undertow-core@1.4.24.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.24.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/145988?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.25.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2kmu-d3bh-2kbr"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rb
kt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/155294?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.2.FInal","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.2.FInal"},{"url":"http://public2.vulnerablecode.io/api/packages/369449?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.3.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"v
ulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final"}],"aliases":["CVE-2017-12196","GHSA-cp7v-vmv7-6x2q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7w-rdxh-t7fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35755?format=json","vulnerability_id":"VCID-vmpj-hkf3-97fa","summary":"Undertow denial of service vulnerability\nA flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1184","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1185","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1512","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_
elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1513","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1514","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1514"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1516","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:1516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2135","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"
generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:2135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3883","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3884","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3885","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_el
ements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3892","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3954","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:3954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4612","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/errata/RHSA-2023:4612"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1108.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-1108","reference_id":"","reference_type":"","s
cores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-1108"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1108","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68813","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1108"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174246","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174246"},{"reference_url":"https://github.com/advisories/GHSA-m4mm-pg93-fv78","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://github.com/advisories/GHSA-m4mm-pg93-fv78"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https:
//github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/1302c8cf4476936802504efe0d36c58dcd954f78"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/1b763064a41a30583b5df9a118898513007a70be"},{"reference_url":"https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/ccc053b55f5de9872bc1a4999fd6aa85fc5e146d"},{"reference_url":"https://github.com/undertow-io/undertow/pull/1457","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/pull/1457"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1108","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1108
"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231020-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231020-0002"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253","reference_id":"1033253","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2","reference_id":"cpe:/a:redhat:camel_quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:camel_quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1","reference_id":"cpe:/a:redhat:integration:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:integration:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&is
CpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?a
dv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6","reference_id":"cpe:/a:redhat:jboss_fuse:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0","reference_id":"cpe:/a:redhat:openshift_application_runtimes:1.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_application_runtimes:1.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13","reference_id":"cpe:/a:redhat:openstack:13","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:13"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:
/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6.4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6.4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:s
ervice_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231020-0002/","reference_id":"ntap-20231020-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231020-0002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68056?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.24.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.24.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/68054?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-sxhu-antn-yyau"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.5.Final"}],"aliases":["CVE-2023-1108","GHSA-m4mm-pg93-fv78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmpj-hkf3-97fa"},{"url":"http://public2.vulnerablecode.io/api/vul
nerabilities/50639?format=json","vulnerability_id":"VCID-w47t-pm2c-wbce","summary":"undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0729","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0729"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14888","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47589","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14888"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220211-0001","reference_id":"",
"reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220211-0001"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772464","reference_id":"1772464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/161660?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.29.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-
rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final"}],"aliases":["CVE-2019-14888","GHSA-vjxc-frw4-jmh5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w47t-pm2c-wbce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42119?format=json","vulnerability_id":"VCID-xysn-wuhf-yyb7","summary":"HTTP Request Smuggling in Undertow\nA flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. 
This flaw allows an attacker to take advantage of HTTP request smuggling.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10719","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37524","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10719"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10719","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10719"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0014","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0014"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828459","reference_id":"1828459","reference_type":"","scores":[],"url":"https://bugzilla.redhat.co
m/show_bug.cgi?id=1828459"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913","reference_id":"969913","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":
"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3585","reference_id":"RHSA-2020:3585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75807?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final"}],"aliases":["CVE-2020-10719","GHSA-cccf-7xw3-p2vr"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xysn-wuhf-yyb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42131?format=json","vulnerability_id":"VCID-yxfj-u4y3-5bfu","summary":"HTTP Request Smuggling in Undertow\nA flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting 
invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10687","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31038","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10687"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785049","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785049"},{"reference_url":"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10687","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""
}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10687"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0015","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3461","reference_id":"RHSA-2020:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3462","reference_id":"RHSA-2020:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3463","reference_id":"RHSA-2020:3463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3464","reference_id":"RHSA-2020:3464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3501","reference_id":"RHSA-2020:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3637","reference_id":"RHSA-2020:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3638","reference_id":"RHSA-2020:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-202
0:3639","reference_id":"RHSA-2020:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3642","reference_id":"RHSA-2020:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0872","reference_id":"RHSA-2021:0872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0873","reference_id":"RHSA-2021:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0874","reference_id":"RHSA-2021:0874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0885","reference_id":"RHSA-2021:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/75924?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-yt79-f4n8-8ucr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final"}],"aliases":["CVE-2020-10687","GHSA-p9w3-gwc2-cr49"],"risk_sco
re":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yxfj-u4y3-5bfu"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46865?format=json","vulnerability_id":"VCID-9es1-xq69-cka5","summary":"Moderate severity vulnerability that affects io.undertow:undertow-core\nIt was found in Undertow before 1.3.28 that with a non-clean TCP close, the Websocket server gets into an infinite loop on every IO thread, effectively causing DoS.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670","reference_id":"","reference_type":"","scores":[{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.908","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2670"},{"reference_url":"https://github.com/advisories/GHSA-3x7h-
5hfr-hvjm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x7h-5hfr-hvjm"},{"reference_url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670"},{"reference_url":"http://www.securityfocus.com/bid/98965","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885","reference_id":"1438885","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405","reference_id":"864405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0501","reference_id":"RHSA-2018:0501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81292?format=j
son","purl":"pkg:maven/io.undertow/undertow-core@1.3.28","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28"},{"url":"http://public2.vulnerablecode.io/api/packages/369845?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.28.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gj2-hze9-tbbs"},{"vulnerability":"VCID-2s32-g9v8-gyea"},{"vulnerability":"VCID-4dbr-frxv-effj"},{"vulnerability":"VCID-56nd-2jar-fkgb"},{"vulnerability":"VCID-5qmh-jjef-mkeu"},{"vulnerability":"VCID-6u8h-sa9p-hfem"},{"vulnerability":"VCID-6z8a-xkn1-5fg4"},{"vulnerability":"VCID-7k6w-u4en-z3fp"},{"vulnerability":"VCID-b79t-d8hn-fuad"},{"vulnerability":"VCID-b89n-h213-ebg6"},{"vulnerability":"VCID-cj8u-t2nv-rudr"},{"vulnerability":"VCID-dgdt-rbkt-rufb"},{"vulnerability":"VCID-dhpt-822y-fybs"},{"vulnerability":"VCID-er9t-muu3-r7cy"},{"vulnerability":"VCID-fg6n-kzd6-vkbz"},{"vulnerability":"VCID-hhvw-7kaq-ufe4"},{"vulnerability":"VCID-jwt3-xhp2-qkgu"},{"vulnerability":"VCID-kp1y-8r1t-n3dw"},{"vulnerability":"VCID-rvcq-je5x-uqem"},{"vulnerability":"VCID-s8gt-xt5k-tkeu"},{"vulnerability":"VCID-sxhu-antn-yyau"},{"vulnerability":"VCID-t7ps-myp7-4uaw"},{"vulnerability":"VCID-ttgy-5eyg-9ua6"},{"vulnerability":"VCID-tzhy-f227-rbep"},{"vulnerability":"VCID-vj7w-rdxh-t7fa"},{"vulnerability":"VCID-vmpj-hkf3-97fa"},{"vulnerability":"VCID-w47t-pm2c-wbce"},{"vulnerability":"VCID-xysn-wuhf-yyb7"},{"vulnerability":"VCID-yxfj-u4y3-5bfu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final"}],"aliases":["CVE-2017-2670","GHSA-3x7h-5hfr-hvjm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9es1-xq69-cka5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final"}