| 0 |
| url |
VCID-1nxp-wx8c-a7gx |
| vulnerability_id |
VCID-1nxp-wx8c-a7gx |
| summary |
Exposure of Sensitive Information to an Unauthorized Actor in Undertow |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14642 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00708 |
| scoring_system |
epss |
| scoring_elements |
0.72743 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00708 |
| scoring_system |
epss |
| scoring_elements |
0.72654 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00708 |
| scoring_system |
epss |
| scoring_elements |
0.72731 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00708 |
| scoring_system |
epss |
| scoring_elements |
0.72745 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-14642 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.15.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.15.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 1 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 2 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 3 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 4 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 5 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 6 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 7 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 8 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 9 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 10 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 11 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 12 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 13 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 14 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 15 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 16 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 17 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 18 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 19 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 20 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 21 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 22 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 23 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 24 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final |
|
| 1 |
|
| 2 |
|
|
| aliases |
CVE-2018-14642, GHSA-vf6r-mmhc-3xcm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1nxp-wx8c-a7gx |
|
| 1 |
| url |
VCID-1wa8-ah8p-y3b6 |
| vulnerability_id |
VCID-1wa8-ah8p-y3b6 |
| summary |
Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7046 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0406 |
| scoring_system |
epss |
| scoring_elements |
0.88787 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.0406 |
| scoring_system |
epss |
| scoring_elements |
0.88825 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.0406 |
| scoring_system |
epss |
| scoring_elements |
0.88831 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.0406 |
| scoring_system |
epss |
| scoring_elements |
0.8883 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-7046 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@1.3.25.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.3.25.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-1wa8-ah8p-y3b6 |
|
| 2 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 3 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 4 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 5 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 6 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 7 |
| vulnerability |
VCID-5yva-1hua-a3af |
|
| 8 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 9 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 10 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 11 |
| vulnerability |
VCID-b827-wz12-qye3 |
|
| 12 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 13 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 14 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 15 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 16 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 17 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 18 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 19 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 20 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 21 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 22 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 23 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 24 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 25 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 26 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 27 |
| vulnerability |
VCID-uham-4wab-h3h7 |
|
| 28 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 29 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 30 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 31 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 32 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.25.Final |
|
| 1 |
| url |
pkg:maven/io.undertow/undertow-core@1.3.26.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.3.26.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-5yva-1hua-a3af |
|
| 7 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 8 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 9 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 10 |
| vulnerability |
VCID-b827-wz12-qye3 |
|
| 11 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 12 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 13 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 14 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 15 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 16 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 17 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 18 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 19 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 20 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 21 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 22 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 23 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 24 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 25 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 26 |
| vulnerability |
VCID-uham-4wab-h3h7 |
|
| 27 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 28 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 29 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 30 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 31 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.26.Final |
|
| 2 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.3.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.3.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-1wa8-ah8p-y3b6 |
|
| 2 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 3 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 4 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 5 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 6 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 7 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 8 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 9 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 10 |
| vulnerability |
VCID-b827-wz12-qye3 |
|
| 11 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 12 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 13 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 14 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 15 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 16 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 17 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 18 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 19 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 20 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 21 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 22 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 23 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 24 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 25 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 26 |
| vulnerability |
VCID-uham-4wab-h3h7 |
|
| 27 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 28 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 29 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 30 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 31 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 32 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.3.Final |
|
| 3 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.4.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.4.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-b827-wz12-qye3 |
|
| 10 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 11 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 12 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 13 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 14 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 15 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 16 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 17 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 18 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 19 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 20 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 21 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 22 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 23 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 24 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 25 |
| vulnerability |
VCID-uham-4wab-h3h7 |
|
| 26 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 27 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 28 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 29 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 30 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 31 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.4.Final |
|
| 4 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-5age-ykyt-ryex |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 26 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 27 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
|
| 5 |
|
|
| aliases |
CVE-2016-7046, GHSA-3f57-w2rp-72fc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1wa8-ah8p-y3b6 |
|
| 2 |
| url |
VCID-26ru-xpcj-7bcz |
| vulnerability_id |
VCID-26ru-xpcj-7bcz |
| summary |
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS) that makes the service unavailable on SSL. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14888 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46685 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46828 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46843 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00235 |
| scoring_system |
epss |
| scoring_elements |
0.46824 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-14888 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.29.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.29.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 1 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 2 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 3 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 4 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 5 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 6 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 7 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 8 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 9 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 10 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 11 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 12 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 13 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 14 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 15 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 16 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 17 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 18 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 19 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 20 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 21 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final |
|
|
| aliases |
CVE-2019-14888, GHSA-vjxc-frw4-jmh5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-26ru-xpcj-7bcz |
|
| 3 |
| url |
VCID-3cek-y62u-7qas |
| vulnerability_id |
VCID-3cek-y62u-7qas |
| summary |
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, and in all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container normalizes servletPath incorrectly by truncating the path after a semicolon, which may lead to an application mapping that results in a security bypass. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1757 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64754 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64857 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64869 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00463 |
| scoring_system |
epss |
| scoring_elements |
0.64866 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1757 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/io.undertow/undertow-core@2.1.0.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.1.0.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 1 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 2 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 3 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 4 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 5 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 6 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 7 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 8 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 9 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 10 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 11 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 12 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 13 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 14 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 15 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 16 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 17 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 18 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 19 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final |
|
|
| aliases |
CVE-2020-1757, GHSA-2w73-fqqj-c92p
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3cek-y62u-7qas |
|
| 4 |
| url |
VCID-45bm-ykfp-dugb |
| vulnerability_id |
VCID-45bm-ykfp-dugb |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12196 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67805 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67707 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67796 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00531 |
| scoring_system |
epss |
| scoring_elements |
0.67809 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12196 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.19.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.19.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 6 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 7 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 8 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 9 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 10 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 11 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 12 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 13 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 14 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 15 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 16 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 17 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 18 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 19 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 26 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 27 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 28 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.19.Final |
|
| 1 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.24.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.24.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 21 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 22 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 23 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 24 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 25 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 26 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 27 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 28 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 29 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.24.Final |
|
| 2 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.25.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.25.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 6 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 7 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 8 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 9 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 10 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 11 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 12 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 13 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 14 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 15 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 16 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 17 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 18 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 19 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 26 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 27 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final |
|
| 3 |
|
| 4 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.3.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.3.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 26 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 27 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final |
|
|
| aliases |
CVE-2017-12196, GHSA-cp7v-vmv7-6x2q
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-45bm-ykfp-dugb |
|
| 5 |
| url |
VCID-4u9y-nd98-z7fr |
| vulnerability_id |
VCID-4u9y-nd98-z7fr |
| summary |
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-7885 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10699 |
| scoring_system |
epss |
| scoring_elements |
0.93507 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.10699 |
| scoring_system |
epss |
| scoring_elements |
0.93486 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.10699 |
| scoring_system |
epss |
| scoring_elements |
0.93512 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.10699 |
| scoring_system |
epss |
| scoring_elements |
0.93511 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-7885 |
|
| 2 |
| reference_url |
https://github.com/undertow-io/undertow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/undertow-io/undertow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2024-7885 |
| reference_id |
CVE-2024-7885 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2024-7885 |
|
| 31 |
|
| 32 |
|
| 33 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:11023 |
| reference_id |
RHSA-2024:11023 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:11023 |
|
| 34 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6508 |
| reference_id |
RHSA-2024:6508 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6508 |
|
| 35 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:6883 |
| reference_id |
RHSA-2024:6883 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:6883 |
|
| 36 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:7441 |
| reference_id |
RHSA-2024:7441 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:7441 |
|
| 37 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:7442 |
| reference_id |
RHSA-2024:7442 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:7442 |
|
| 38 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:7735 |
| reference_id |
RHSA-2024:7735 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:7735 |
|
| 39 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:7736 |
| reference_id |
RHSA-2024:7736 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:7736 |
|
| 40 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:8080 |
| reference_id |
RHSA-2024:8080 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:8080 |
|
| 41 |
| reference_url |
https://access.redhat.com/errata/RHSA-2025:16667 |
| reference_id |
RHSA-2025:16667 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2025:16667 |
|
| 42 |
| reference_url |
https://access.redhat.com/errata/RHSA-2026:0743 |
| reference_id |
RHSA-2026:0743 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2026:0743 |
|
| 43 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2305290 |
| reference_id |
show_bug.cgi?id=2305290 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:21:22Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2305290 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-7885, GHSA-9623-mqmm-5rcf
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4u9y-nd98-z7fr |
|
| 6 |
| url |
VCID-4yb5-81eu-qubq |
| vulnerability_id |
VCID-4yb5-81eu-qubq |
| summary |
A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out-of-memory error. This flaw may potentially lead to a denial of service. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-10705, GHSA-g4cp-h53p-v3v8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4yb5-81eu-qubq |
|
| 7 |
| url |
VCID-5yva-1hua-a3af |
| vulnerability_id |
VCID-5yva-1hua-a3af |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@1.3.28.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.3.28.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-b827-wz12-qye3 |
|
| 10 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 11 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 12 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 13 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 14 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 15 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 16 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 17 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 18 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 19 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 20 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 21 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 22 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 23 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 24 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 25 |
| vulnerability |
VCID-uham-4wab-h3h7 |
|
| 26 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 27 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 28 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 29 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 30 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28.Final |
|
| 1 |
|
|
| aliases |
CVE-2017-2670, GHSA-3x7h-5hfr-hvjm
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5yva-1hua-a3af |
|
| 8 |
|
| 9 |
| url |
VCID-7ejv-4mka-6fe6 |
| vulnerability_id |
VCID-7ejv-4mka-6fe6 |
| summary |
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-1259 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0044 |
| scoring_system |
epss |
| scoring_elements |
0.63603 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.0044 |
| scoring_system |
epss |
| scoring_elements |
0.63705 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.0044 |
| scoring_system |
epss |
| scoring_elements |
0.63719 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.0044 |
| scoring_system |
epss |
| scoring_elements |
0.63717 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-1259 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-1259
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ejv-4mka-6fe6 |
|
| 10 |
| url |
VCID-925s-414k-bybt |
| vulnerability_id |
VCID-925s-414k-bybt |
| summary |
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10719 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37585 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37763 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37788 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00167 |
| scoring_system |
epss |
| scoring_elements |
0.37775 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10719 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-10719, GHSA-cccf-7xw3-p2vr
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-925s-414k-bybt |
|
| 11 |
| url |
VCID-b827-wz12-qye3 |
| vulnerability_id |
VCID-b827-wz12-qye3 |
| summary |
Undertow Request Smuggling vulnerability |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12165 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01096 |
| scoring_system |
epss |
| scoring_elements |
0.78412 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.01096 |
| scoring_system |
epss |
| scoring_elements |
0.7849 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.01096 |
| scoring_system |
epss |
| scoring_elements |
0.78494 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.01096 |
| scoring_system |
epss |
| scoring_elements |
0.78479 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-12165 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@1.3.31.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.3.31.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 21 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 22 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 23 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 24 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 25 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 26 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 27 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 28 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final |
|
| 1 |
|
| 2 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.17.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.17.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 21 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 22 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 23 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 24 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 25 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 26 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 27 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 28 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 29 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final |
|
| 3 |
|
| 4 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-5age-ykyt-ryex |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 26 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 27 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
|
| 5 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.1.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.1.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 7 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 8 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 9 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 10 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 11 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 12 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 13 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 14 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 15 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 16 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 17 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 18 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 19 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 20 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 21 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 22 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 23 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 24 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 25 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 26 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 27 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 28 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final |
|
|
| aliases |
CVE-2017-12165, GHSA-5gg7-5wv8-4gcj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b827-wz12-qye3 |
|
| 12 |
|
| 13 |
|
| 14 |
| url |
VCID-dfpq-44kb-huew |
| vulnerability_id |
VCID-dfpq-44kb-huew |
| summary |
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2024-1459 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.10104 |
| scoring_system |
epss |
| scoring_elements |
0.93281 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.10104 |
| scoring_system |
epss |
| scoring_elements |
0.93256 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.10104 |
| scoring_system |
epss |
| scoring_elements |
0.93278 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.10104 |
| scoring_system |
epss |
| scoring_elements |
0.9328 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2024-1459 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2024-1459, GHSA-v76w-3ph8-vm66
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dfpq-44kb-huew |
|
| 15 |
| url |
VCID-e5cm-rtss-bbfc |
| vulnerability_id |
VCID-e5cm-rtss-bbfc |
| summary |
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10687 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00123 |
| scoring_system |
epss |
| scoring_elements |
0.30964 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00123 |
| scoring_system |
epss |
| scoring_elements |
0.3116 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00123 |
| scoring_system |
epss |
| scoring_elements |
0.31176 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00123 |
| scoring_system |
epss |
| scoring_elements |
0.31159 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10687 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-10687, GHSA-p9w3-gwc2-cr49
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e5cm-rtss-bbfc |
|
| 16 |
| url |
VCID-f7x7-afrc-uqcm |
| vulnerability_id |
VCID-f7x7-afrc-uqcm |
| summary |
Credential exposure through log files in Undertow |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-3888 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00555 |
| scoring_system |
epss |
| scoring_elements |
0.68669 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00555 |
| scoring_system |
epss |
| scoring_elements |
0.68571 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00555 |
| scoring_system |
epss |
| scoring_elements |
0.68661 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00555 |
| scoring_system |
epss |
| scoring_elements |
0.68674 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-3888 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.21.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.21.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 1 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 2 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 3 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 4 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 5 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 6 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 7 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 8 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 9 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 10 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 11 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 12 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 13 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 14 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 15 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 16 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 17 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 18 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 19 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 20 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 21 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 22 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final |
|
| 1 |
|
|
| aliases |
CVE-2019-3888, GHSA-jwgx-9mmh-684w
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f7x7-afrc-uqcm |
|
| 17 |
| url |
VCID-fdhy-cw72-57cd |
| vulnerability_id |
VCID-fdhy-cw72-57cd |
| summary |
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS). |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://kb.cert.org/vuls/id/767506 |
| reference_id |
767506 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-02T13:55:22Z/ |
|
|
| url |
https://kb.cert.org/vuls/id/767506 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-9784, GHSA-95h4-w6j8-2rp8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fdhy-cw72-57cd |
|
| 18 |
| url |
VCID-gga8-ucqw-3bc7 |
| vulnerability_id |
VCID-gga8-ucqw-3bc7 |
| summary |
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-1319 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.70139 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.70229 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.70243 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00606 |
| scoring_system |
epss |
| scoring_elements |
0.7024 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-1319 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-1319
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gga8-ucqw-3bc7 |
|
| 19 |
| url |
VCID-ghz9-w5n1-zkdq |
| vulnerability_id |
VCID-ghz9-w5n1-zkdq |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1114 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00707 |
| scoring_system |
epss |
| scoring_elements |
0.72719 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00707 |
| scoring_system |
epss |
| scoring_elements |
0.7263 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00707 |
| scoring_system |
epss |
| scoring_elements |
0.72707 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00707 |
| scoring_system |
epss |
| scoring_elements |
0.72721 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1114 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.25.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.25.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 6 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 7 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 8 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 9 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 10 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 11 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 12 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 13 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 14 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 15 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 16 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 17 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 18 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 19 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 26 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 27 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final |
|
| 1 |
|
| 2 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.5.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.5.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 17 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 18 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 19 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 20 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 21 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 22 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 23 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 24 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 25 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final |
|
|
| aliases |
CVE-2018-1114, GHSA-gjjx-gqm4-wcgm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ghz9-w5n1-zkdq |
|
| 20 |
| url |
VCID-kdkn-2zrf-7ff1 |
| vulnerability_id |
VCID-kdkn-2zrf-7ff1 |
| summary |
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2026-3260 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00494 |
| scoring_system |
epss |
| scoring_elements |
0.66166 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00494 |
| scoring_system |
epss |
| scoring_elements |
0.66271 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.00494 |
| scoring_system |
epss |
| scoring_elements |
0.66274 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00494 |
| scoring_system |
epss |
| scoring_elements |
0.6626 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2026-3260 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2026-3260, GHSA-3x3v-w654-m28m
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kdkn-2zrf-7ff1 |
|
| 21 |
| url |
VCID-kuft-1mgp-u3ep |
| vulnerability_id |
VCID-kuft-1mgp-u3ep |
| summary |
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-3223 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00649 |
| scoring_system |
epss |
| scoring_elements |
0.71391 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00649 |
| scoring_system |
epss |
| scoring_elements |
0.71291 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00649 |
| scoring_system |
epss |
| scoring_elements |
0.7138 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00649 |
| scoring_system |
epss |
| scoring_elements |
0.71393 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-3223 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-3223, GHSA-65h2-wf7m-q2v8
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kuft-1mgp-u3ep |
|
| 22 |
| url |
VCID-m2ne-5zum-tqbn |
| vulnerability_id |
VCID-m2ne-5zum-tqbn |
| summary |
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1108 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.69077 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.69082 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.6907 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00567 |
| scoring_system |
epss |
| scoring_elements |
0.68978 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1108 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
| reference_url |
https://github.com/advisories/GHSA-m4mm-pg93-fv78 |
| reference_id |
GHSA-m4mm-pg93-fv78 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
HIGH |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ |
|
|
| url |
https://github.com/advisories/GHSA-m4mm-pg93-fv78 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-1108, GHSA-m4mm-pg93-fv78
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ne-5zum-tqbn |
|
| 23 |
| url |
VCID-m4a2-8fwt-bbb8 |
| vulnerability_id |
VCID-m4a2-8fwt-bbb8 |
| summary |
Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-5age-ykyt-ryex |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 26 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 27 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1 |
|
|
| aliases |
CVE-2018-1048, GHSA-prfw-3qx6-g9xr
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m4a2-8fwt-bbb8 |
|
| 24 |
| url |
VCID-mz7z-tp7n-3qhd |
| vulnerability_id |
VCID-mz7z-tp7n-3qhd |
| summary |
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5379 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.37044 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.36854 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.37032 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00161 |
| scoring_system |
epss |
| scoring_elements |
0.37059 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-5379 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-5379
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mz7z-tp7n-3qhd |
|
| 25 |
| url |
VCID-sg32-tewt-ckan |
| vulnerability_id |
VCID-sg32-tewt-ckan |
| summary |
Potential to access user credentials from the log files when debug logging enabled |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10212 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00448 |
| scoring_system |
epss |
| scoring_elements |
0.64077 |
| published_at |
2026-06-12T12:55:00Z |
|
| 1 |
| value |
0.00448 |
| scoring_system |
epss |
| scoring_elements |
0.63974 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00448 |
| scoring_system |
epss |
| scoring_elements |
0.64088 |
| published_at |
2026-06-14T12:55:00Z |
|
| 3 |
| value |
0.00448 |
| scoring_system |
epss |
| scoring_elements |
0.6409 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-10212 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.20.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.20.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 1 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 2 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 3 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 4 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 5 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 6 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 7 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 8 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 9 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 10 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 11 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 12 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 13 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 14 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 15 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 16 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 17 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 18 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 19 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 20 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 21 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 22 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 23 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final |
|
| 1 |
|
|
| aliases |
CVE-2019-10212, GHSA-8vh8-vc28-m2hf
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sg32-tewt-ckan |
|
| 26 |
| url |
VCID-u62g-ukw7-5uf2 |
| vulnerability_id |
VCID-u62g-ukw7-5uf2 |
| summary |
A flaw was found in the Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutOfMemory error, exhausting the server's memory. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1973 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00727 |
| scoring_system |
epss |
| scoring_elements |
0.73172 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00727 |
| scoring_system |
epss |
| scoring_elements |
0.7308 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00727 |
| scoring_system |
epss |
| scoring_elements |
0.73158 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00727 |
| scoring_system |
epss |
| scoring_elements |
0.73173 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2023-1973 |
|
| 2 |
| reference_url |
https://github.com/undertow-io/undertow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/undertow-io/undertow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
| reference_url |
https://access.redhat.com/security/cve/CVE-2023-1973 |
| reference_id |
CVE-2023-1973 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://access.redhat.com/security/cve/CVE-2023-1973 |
|
| 15 |
|
| 16 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1674 |
| reference_id |
RHSA-2024:1674 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1674 |
|
| 17 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1675 |
| reference_id |
RHSA-2024:1675 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1675 |
|
| 18 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1676 |
| reference_id |
RHSA-2024:1676 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1676 |
|
| 19 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:1677 |
| reference_id |
RHSA-2024:1677 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:1677 |
|
| 20 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:2763 |
| reference_id |
RHSA-2024:2763 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:2763 |
|
| 21 |
| reference_url |
https://access.redhat.com/errata/RHSA-2024:2764 |
| reference_id |
RHSA-2024:2764 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://access.redhat.com/errata/RHSA-2024:2764 |
|
| 22 |
|
| 23 |
|
| 24 |
| reference_url |
https://bugzilla.redhat.com/show_bug.cgi?id=2185662 |
| reference_id |
show_bug.cgi?id=2185662 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
6.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:06:28Z/ |
|
|
| url |
https://bugzilla.redhat.com/show_bug.cgi?id=2185662 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-1973, GHSA-97cq-f4jm-mv8h
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u62g-ukw7-5uf2 |
|
| 27 |
| url |
VCID-uham-4wab-h3h7 |
| vulnerability_id |
VCID-uham-4wab-h3h7 |
| summary |
Undertow vulnerable to Request Smuggling |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7559 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78717 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78796 |
| published_at |
2026-06-14T12:55:00Z |
|
| 2 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.788 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.01128 |
| scoring_system |
epss |
| scoring_elements |
0.78783 |
| published_at |
2026-06-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-7559 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@1.3.31.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.3.31.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 21 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 22 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 23 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 24 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 25 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 26 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 27 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 28 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final |
|
| 1 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.17.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.17.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 17 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 18 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 19 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 20 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 21 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 22 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 23 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 24 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 25 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 26 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 27 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 28 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 29 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final |
|
| 2 |
|
| 3 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.1.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.1.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-45bm-ykfp-dugb |
|
| 4 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 5 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 6 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 7 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 8 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 9 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 10 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 11 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 12 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 13 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 14 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 15 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 16 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 17 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 18 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 19 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 20 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 21 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 22 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 23 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 24 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 25 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 26 |
| vulnerability |
VCID-y5uu-3hgq-6ud1 |
|
| 27 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 28 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final |
|
|
| aliases |
CVE-2017-7559, GHSA-rj76-h87p-r3wf
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uham-4wab-h3h7 |
|
| 28 |
| url |
VCID-uymv-k8py-mfa9 |
| vulnerability_id |
VCID-uymv-k8py-mfa9 |
| summary |
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20220 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39701 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39872 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39896 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00182 |
| scoring_system |
epss |
| scoring_elements |
0.39885 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-20220 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.34.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.34.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 1 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 2 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 3 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 4 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 5 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 6 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 7 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 8 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 9 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 10 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 11 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 12 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 13 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 14 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 15 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 16 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 17 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 18 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 19 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| aliases |
CVE-2021-20220, GHSA-qjwc-v72v-fq6r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uymv-k8py-mfa9 |
|
| 29 |
| url |
VCID-xdvz-febf-ybgz |
| vulnerability_id |
VCID-xdvz-febf-ybgz |
| summary |
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1745 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00636 |
| scoring_system |
epss |
| scoring_elements |
0.70903 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00636 |
| scoring_system |
epss |
| scoring_elements |
0.70994 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00636 |
| scoring_system |
epss |
| scoring_elements |
0.71006 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00636 |
| scoring_system |
epss |
| scoring_elements |
0.71003 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-1745 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.30.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.30.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 1 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 2 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 3 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 4 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 5 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 6 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 7 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 8 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 9 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 10 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 11 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 12 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 13 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 14 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 15 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 16 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 17 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 18 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 19 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 20 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final |
|
|
| aliases |
CVE-2020-1745, GHSA-gv2w-88hx-8m9r
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xdvz-febf-ybgz |
|
| 30 |
| url |
VCID-y5uu-3hgq-6ud1 |
| vulnerability_id |
VCID-y5uu-3hgq-6ud1 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1067 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70786 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70685 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70775 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00626 |
| scoring_system |
epss |
| scoring_elements |
0.70788 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2018-1067 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/io.undertow/undertow-core@1.4.25.Final |
| purl |
pkg:maven/io.undertow/undertow-core@1.4.25.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 6 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 7 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 8 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 9 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 10 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 11 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 12 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 13 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 14 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 15 |
| vulnerability |
VCID-ghz9-w5n1-zkdq |
|
| 16 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 17 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 18 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 19 |
| vulnerability |
VCID-m4a2-8fwt-bbb8 |
|
| 20 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 21 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 22 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 23 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 24 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 25 |
| vulnerability |
VCID-yes8-5q2e-4bg1 |
|
| 26 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 27 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final |
|
| 1 |
| url |
pkg:maven/io.undertow/undertow-core@2.0.5.Final |
| purl |
pkg:maven/io.undertow/undertow-core@2.0.5.Final |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1nxp-wx8c-a7gx |
|
| 1 |
| vulnerability |
VCID-26ru-xpcj-7bcz |
|
| 2 |
| vulnerability |
VCID-3cek-y62u-7qas |
|
| 3 |
| vulnerability |
VCID-4u9y-nd98-z7fr |
|
| 4 |
| vulnerability |
VCID-4yb5-81eu-qubq |
|
| 5 |
| vulnerability |
VCID-6bhd-zdh5-5qgz |
|
| 6 |
| vulnerability |
VCID-6dvp-ddvr-abh8 |
|
| 7 |
| vulnerability |
VCID-7ejv-4mka-6fe6 |
|
| 8 |
| vulnerability |
VCID-925s-414k-bybt |
|
| 9 |
| vulnerability |
VCID-byes-xc7r-2fhs |
|
| 10 |
| vulnerability |
VCID-c491-1k44-4qfg |
|
| 11 |
| vulnerability |
VCID-dfpq-44kb-huew |
|
| 12 |
| vulnerability |
VCID-e5cm-rtss-bbfc |
|
| 13 |
| vulnerability |
VCID-f7x7-afrc-uqcm |
|
| 14 |
| vulnerability |
VCID-fdhy-cw72-57cd |
|
| 15 |
| vulnerability |
VCID-gga8-ucqw-3bc7 |
|
| 16 |
| vulnerability |
VCID-kdkn-2zrf-7ff1 |
|
| 17 |
| vulnerability |
VCID-kuft-1mgp-u3ep |
|
| 18 |
| vulnerability |
VCID-m2ne-5zum-tqbn |
|
| 19 |
| vulnerability |
VCID-mz7z-tp7n-3qhd |
|
| 20 |
| vulnerability |
VCID-sg32-tewt-ckan |
|
| 21 |
| vulnerability |
VCID-u62g-ukw7-5uf2 |
|
| 22 |
| vulnerability |
VCID-uymv-k8py-mfa9 |
|
| 23 |
| vulnerability |
VCID-xdvz-febf-ybgz |
|
| 24 |
| vulnerability |
VCID-yymt-yakb-z3hx |
|
| 25 |
| vulnerability |
VCID-z4ev-4e89-jucp |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final |
|
|
| aliases |
CVE-2018-1067, GHSA-47mp-rq2x-wjf2
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uu-3hgq-6ud1 |
|
| 31 |
| url |
VCID-yymt-yakb-z3hx |
| vulnerability_id |
VCID-yymt-yakb-z3hx |
| summary |
Undertow vulnerable to Denial of Service (DoS) attacks |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3859 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48846 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48861 |
| published_at |
2026-06-13T12:55:00Z |
|
| 2 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48842 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00251 |
| scoring_system |
epss |
| scoring_elements |
0.48705 |
| published_at |
2026-06-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3859 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3859, GHSA-339q-62wm-c39w, GMS-2022-2963
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yymt-yakb-z3hx |
|
| 32 |
| url |
VCID-z4ev-4e89-jucp |
| vulnerability_id |
VCID-z4ev-4e89-jucp |
| summary |
Undertow vulnerable to memory exhaustion due to buffer leak |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.5851 |
| published_at |
2026-06-14T12:55:00Z |
|
| 1 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58392 |
| published_at |
2026-06-11T12:55:00Z |
|
| 2 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.58504 |
| published_at |
2026-06-12T12:55:00Z |
|
| 3 |
| value |
0.00357 |
| scoring_system |
epss |
| scoring_elements |
0.5852 |
| published_at |
2026-06-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-3690 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
|
| aliases |
CVE-2021-3690, GHSA-fj7c-vg2v-ccrm, GMS-2022-2964
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ev-4e89-jucp |
|