Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.undertow/undertow-core@2.0.1

Type maven

Namespace io.undertow

Name undertow-core

Version 2.0.1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.0.2.FInal

Latest_non_vulnerable_version 2.4.0.Beta1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-xb2n-a5w7-g7cx

vulnerability_id VCID-xb2n-a5w7-g7cx

summary

Improper Neutralization of CRLF Sequences in HTTP Headers
CRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4993

reference_id

reference_type

scores

value	0.01476
scoring_system	epss
scoring_elements	0.81271
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4993

reference_url	https://access.redhat.com/security/cve/CVE-2016-4993
reference_id	CVE-2016-4993
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2016-4993

fixed_packages

url pkg:maven/io.undertow/undertow-core@1.4.0

purl pkg:maven/io.undertow/undertow-core@1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mnx-8nvz-tyda

vulnerability	VCID-ctw5-1q7n-b7bk

vulnerability	VCID-fx5j-2na1-hfcu

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.0

url	pkg:maven/io.undertow/undertow-core@2.0.1
purl	pkg:maven/io.undertow/undertow-core@2.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1

aliases CVE-2016-4993

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xb2n-a5w7-g7cx

url VCID-xy1a-thk6-5fhz

vulnerability_id VCID-xy1a-thk6-5fhz

summary

Uncontrolled Resource Consumption
Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-7046

reference_id

reference_type

scores

value	0.0406
scoring_system	epss
scoring_elements	0.88721
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7046

reference_url	https://access.redhat.com/security/cve/CVE-2016-7046
reference_id	CVE-2016-7046
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2016-7046

fixed_packages

url	pkg:maven/io.undertow/undertow-core@2.0.1
purl	pkg:maven/io.undertow/undertow-core@2.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1

aliases CVE-2016-7046

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xy1a-thk6-5fhz

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1

Package Instance