{"url":"http://public2.vulnerablecode.io/api/packages/52090?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.2.0.Beta2","type":"maven","namespace":"io.undertow","name":"undertow-core","version":"1.2.0.Beta2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.28","latest_non_vulnerable_version":"2.4.0.Beta1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37778?format=json","vulnerability_id":"VCID-1qkg-fs55-ukgj","summary":"Information disclosure via directory traversal\nDirectory traversal vulnerability in this package when running on Windows, allows remote attackers to read arbitrary files via a `..` in a resource URI.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7816.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7816","reference_id":"","reference_type":"","scores":[{"value":"0.55155","scoring_system":"epss","scoring_elements":"0.98098","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157478","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157478"},{"reference_url":"http://seclists.org/oss-sec/2014/q4/830","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q4/830"},{"reference_url":"https://issues.jboss.org/browse/UNDERTOW-338","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/UNDERTOW-338"},{"reference
_url":"https://issues.jboss.org/browse/WFLY-4020","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/WFLY-4020"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7816","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7816"},{"reference_url":"http://www.securityfocus.com/bid/71328","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/71328"},{"reference_url":"https://bugzilla.redhat.com/CVE-2014-7816","reference_id":"CVE-2014-7816","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2014-7816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52093?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.2.0.Beta3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-9v45-vygq-eugz"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-me9g-1s7c-m7cw"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-vwcx-hrtg-pygs"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.2.0.Beta3"}],"aliases":["CVE-2014-7816","GHSA-h6p6-fc4w-cqhx"],"risk_score":3.1,"exploitability":
"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qkg-fs55-ukgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40121?format=json","vulnerability_id":"VCID-387y-knja-ukh8","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nIt was discovered in Undertow that the code that parses the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2666","reference_id":"","reference_type":"","scores":[{"value":"0.01394","scoring_system":"epss","scoring_elements":"0.8072","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2666"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666"},{"reference_url":"https://github.com/advisories/GHSA-mcfm-h73v-635m","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mcfm-h73v-635m"},{"reference_url":"http://www.securityfocus.com/bid/98966","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436163","reference_id":"1436163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1436163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405","reference_id":"864405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2666","reference_id":"CVE-2017-2666","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54829?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.31.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pk
dc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/143381?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31"},{"url":"http://public2.vulnerablecode.io/api/packages/54830?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.17.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/143382?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17"},{"url":"http://public2.vulnerablecode.io/api/packages/52891?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-me9g-1s7c-m7cw"},{"vulnerability":"VCID-pkzf-4u9a-c3hq"},{"vulnerability":"VCID-xdmu-mgga-xuf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0"},{"url":"http://public2.vu
lnerablecode.io/api/packages/56183?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-me9g-1s7c-m7cw"},{"vulnerability":"VCID-pkzf-4u9a-c3hq"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-vwcx-hrtg-pygs"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Final"}],"aliases":["CVE-2017-2666","GHSA-mcfm-h73v-635m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-387y-knja-ukh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51874?format=json","vulnerability_id":"VCID-4gjh-hhzw-jyda","summary":"Inclusion of Sensitive Information in Log Files\nA flaw was found in the Undertow DEBUG log for `io.undertow.request.security`. 
If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2998","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10212","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63867","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0017","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731984","reference_id":"1731984","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731984"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10212","reference_id":"CVE-2019-10212","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10212"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76017?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/144281?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.20","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.20"}],"aliases":["CVE-2019-10212","GHSA-8vh8-vc28-m2hf"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gjh-hhzw-jyda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52170?format=json","vulnerabi
lity_id":"VCID-4qfb-8hen-qkc7","summary":"Uncontrolled Resource Consumption\nA vulnerability was found in the Undertow HTTP server when listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS), making the service unavailable over SSL.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0729","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0729"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14888.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14888","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220211-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advi
sory/ntap-20220211-0001"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772464","reference_id":"1772464","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1772464"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14888","reference_id":"CVE-2019-14888","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/76509?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.29.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.
vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29.Final"}],"aliases":["CVE-2019-14888","GHSA-vjxc-frw4-jmh5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfb-8hen-qkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40223?format=json","vulnerability_id":"VCID-4zav-auak-8qbu","summary":"Uncontrolled Resource Consumption\nIt was found that `URLResource.getLastModified()` in Undertow closes the file descriptors only when they are finalized, which can cause file descriptors to be exhausted. This leads to a file handle leak.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2643","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url
":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1114","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.7254","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1114"},{"reference_url":"https://bugs.openjdk.java.net/browse/JDK-6956385","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.openjdk.java.net/browse/JDK-6956385"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1114"},{"reference_url":"https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/7f22aa0090296eb00280f878e3731bb71d40f9e"},{"reference_url":"https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64"},{"reference_url":"https://issues.jboss.org/browse/UNDERTOW-1338","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/UNDERTOW-1338"},{"reference_url":"https:
//bugzilla.redhat.com/show_bug.cgi?id=1573045","reference_id":"1573045","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1573045"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247","reference_id":"897247","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897247"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1114","reference_id":"CVE-2018-1114","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1114"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55387?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.25.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/55477?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerabi
lity":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/56418?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5"}],"aliases":["CVE-2018-1114","GHSA-gjjx-gqm4-wcgm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4zav-auak-8qbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52638?format=json","vulnerability_id":"VCID-63qx-1wuv-qufb","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nA flaw was found in Undertow, regarding the processing of invalid HTTP requests with large chunk sizes. 
This flaw allows an attacker to take advantage of HTTP request smuggling.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10719","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37499","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10719"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0014","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0014"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828459","reference_id":"1828459","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828459"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913","reference_id":"969913","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969913"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10719","reference_id":"CVE-2020-10719","reference_type":"","scores":[{"valu
e":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10719"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2813","reference_id":"RHSA-2020:2813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","
reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3585","reference_id":"RHSA-2020:3585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3140","reference_id":"RHSA-2021:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77394?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final"}],"aliases":["CVE-2020-10719","GHSA-cccf-7xw3-p2vr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63qx-1wuv-qufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54104?format=json","vulnerability_id":"VCID-641y-uckh-gfen","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nA regression in the fix for CVE-2020-10687 was found. 
HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20220","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39604","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1923133","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1923133"},{"reference_url":"https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/9e797b2f99617fdad0471eaa88c711ee7f44605f"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0013","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0013"},{"reference_url":"ht
tps://nvd.nist.gov/vuln/detail/CVE-2021-20220","reference_id":"CVE-2021-20220","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0872","reference_id":"RHSA-2021:0872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0873","reference_id":"RHSA-2021:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0874","reference_id":"RHSA-2021:0874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0885","reference_id":"RHSA-2021:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2210","reference_id":"RHSA-2021:2210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2755","reference_id":"RHSA-2021:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2755"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79821?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.34.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulne
rability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/142345?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.34","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.34"},{"url":"http://public2.vulnerablecode.io/api/packages/79822?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.6.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-qbnn-jmjd-qqbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/142344?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.6"}],"aliases":["CVE-2021-20220","GHSA-qjwc-v72v-fq6r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-641y-uckh-gfen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40124?format=json","vulnerability_id":"VCID-9v45-vygq-eugz","summary":"Loop with Unreachable Exit Condition (Infinite Loop)\nWith non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing 
DoS.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2017-1409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670","reference_id":"","reference_type":"","scores":[{"value":"0.05972","scoring_system":"epss","scoring_elements":"0.90827","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2670"},{"reference_url":"https://github.com/advisories/GHSA-3x7h-5hfr-hvjm","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x7h-5hfr-hvjm"},{"reference_url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d"},{"reference_url":"http://www.securityfocus.com/bid/98965","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885","reference_id":"1438885","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1438885"},{"reference_url":"htt
ps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405","reference_id":"864405","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670","reference_id":"CVE-2017-2670","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1409","reference_id":"RHSA-2017:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1409"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/143637?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.28","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.28"},{"url":"http://public2.vulnerablecode.io/api/packages/56185?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.28.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-pkzf-4u9a-c3hq"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-vwcx-hrtg-pygs"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.
3.28.Final"}],"aliases":["CVE-2017-2670","GHSA-3x7h-5hfr-hvjm"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v45-vygq-eugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40250?format=json","vulnerability_id":"VCID-kkn4-9xex-fyb7","summary":"Information Exposure\nAn information leak vulnerability was found in Undertow. If all headers are not written out in the first `write()` call, the code that handles flushing the buffer will always write out the full contents of the `writevBuffer` buffer, which may contain data from previous requests.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0362","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0362"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0364","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0365","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0380","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scori
ng_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1106","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1107","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1108","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1140","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1140"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14642.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14642","reference_id":"","reference_type":"","s
cores":[{"value":"0.00708","scoring_system":"epss","scoring_elements":"0.72565","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14642"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14642"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628702","reference_id":"1628702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1628702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796","reference_id":"911796","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911796"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14642","reference_id":"CVE-2018-14642","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14642"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/224863?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.15.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15.Final"}
,{"url":"http://public2.vulnerablecode.io/api/packages/56466?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/155151?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.19.FINAL","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.19.FINAL"}],"aliases":["CVE-2018-14642","GHSA-vf6r-mmhc-3xcm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkn4-9xex-fyb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38215?format=json","vulnerability_id":"VCID-me9g-1s7c-m7cw","summary":"Improper Neutralization of CRLF Sequences in HTTP Headers\nCRLF injection vulnerability in the Undertow web server allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified 
vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1838.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1838.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1839.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1839.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1840.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1840.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-1841.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-1841.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3454","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3454"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3455","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3456","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3458","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:3458"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4993.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4993","reference_id":"","reference_type":"","scores":[{"value":"0.01476","scoring_system":"epss","scoring_elements":"0.81297","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4993"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1344321","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1344321"},{"reference_url":"https://github.com/undertow-io/undertow/commit/834496fb74ddda2af1979
40c70d08bab419fdf12","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/834496fb74ddda2af197940c70d08bab419fdf12"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-827","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-827"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4993","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4993"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2016-4993","reference_id":"CVE-2016-4993","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2016-4993"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1838","reference_id":"RHSA-2016:1838","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1838"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1839","reference_id":"RHSA-2016:1839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1840","reference_id":"RHSA-2016:1840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1841","reference_id":"RHSA-2016:1841","reference_type":"","scores":[],"url":"https://access.redhat.com/erra
ta/RHSA-2016:1841"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/182056?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-9gv3-ujz4-4fau"},{"vulnerability":"VCID-9v45-vygq-eugz"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-pkzf-4u9a-c3hq"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-vwcx-hrtg-pygs"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.5.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/52892?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-pkzf-4u9a-c3hq"},{"vulnerability":"VCID-vwcx-hrtg-pygs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/52893?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/54831?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulne
rability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final"}],"aliases":["CVE-2016-4993","GHSA-qcqr-hcjq-whfq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-me9g-1s7c-m7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53653?format=json","vulnerability_id":"VCID-qbnn-jmjd-qqbx","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nA flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against `HTTP/1.x` and `HTTP/2` due to permitting invalid characters in an HTTP request. 
This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10687","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30933","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10687"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785049","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1785049"},{"reference_url":"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6603513ea8afbf6857fd77ca5888ec8385d0af493baa4250e28c351c@%3Cdev.cxf.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0015","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.neta
pp.com/advisory/ntap-20220210-0015"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10687","reference_id":"CVE-2020-10687","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10687"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3461","reference_id":"RHSA-2020:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3462","reference_id":"RHSA-2020:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3463","reference_id":"RHSA-2020:3463","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3463"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3464","reference_id":"RHSA-2020:3464","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3464"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3501","reference_id":"RHSA-2020:3501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3637","reference_id":"RHSA-2020:3637","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3638","reference_id":"RHSA-2020:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3639","reference_id":"R
HSA-2020:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3642","reference_id":"RHSA-2020:3642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0872","reference_id":"RHSA-2021:0872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0873","reference_id":"RHSA-2021:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0874","reference_id":"RHSA-2021:0874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0885","reference_id":"RHSA-2021:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0885"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78799?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.0.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.0.Final"}],"aliases":["CVE-2020-10687","GHSA-p9w3-gwc2-cr49"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbnn-jmjd-qqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52693?format=json","vulnerability_id":"VCID-rxsj-32jz-wugq","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nA flaw was discovered in Undertow where certain requests to the `Expect: ` header may cause an out of memory error. 
This flaw may potentially lead to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10705.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10705","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53544","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10705"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1803241","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1803241"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0014","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0014"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10705","reference_id":"CVE-2020-10705","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"re
ference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3585","reference_id":"RHSA-2020:3585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:16668","reference_id":"RHSA-2025:16668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:16668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77394?format=json","purl":"pkg:maven/io.undertow
/undertow-core@2.1.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.1.Final"}],"aliases":["CVE-2020-10705","GHSA-g4cp-h53p-v3v8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsj-32jz-wugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52553?format=json","vulnerability_id":"VCID-uenh-qgna-t7c4","summary":"False Positive\nThis advisory has been marked as a false positive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70802","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745"},{"reference_url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_
system":"generic_textual","scoring_elements":""}],"url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert"},{"reference_url":"https://www.cnvd.org.cn/webinfo/show/5415","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cnvd.org.cn/webinfo/show/5415"},{"reference_url":"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807305","reference_id":"1807305","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807305"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1745","reference_id":"CVE-2020-1745","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0812","reference_id":"RHSA-2020:0812","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0813","reference_id":"RHSA-2020:0813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0813"},{"reference_url":"https://access.redhat.com/errata/RHSA-
2020:0952","reference_id":"RHSA-2020:0952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0961","reference_id":"RHSA-2020:0961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0962","reference_id":"RHSA-2020:0962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-
2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77179?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.30.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/155645?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.30","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30"}],"aliases":["CVE-2020-1745","GHSA-gv2w-88hx-8m9r"],"risk_score":
4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uenh-qgna-t7c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40122?format=json","vulnerability_id":"VCID-vwcx-hrtg-pygs","summary":"Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)\nIt was discovered that Undertow processes HTTP request headers containing unusual whitespace, which can make HTTP request smuggling possible.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12165","reference_id":"","reference_type":"","scores":[{"value":"0.01096","scoring_system":"epss","scoring_elements":"0.78343","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12165"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f","reference_id":"","reference_type":"","scores":[{
"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/5b008b7ac312c6cdb76679ff58c43620bb79d44f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/691440ee58259fba76711b60d56dde6679808bdc"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-1251","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/UNDERTOW-1251"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490301","reference_id":"1490301","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490301"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338","reference_id":"885338","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885338"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12165","reference_id":"CVE-2017-12165","ref
erence_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12165"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54829?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.31.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/143381?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.3.31","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.3.31"},{"url":"http://public2.vulnerablecode.io/api/packages/54830?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.17.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-
t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/143382?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.17"},{"url":"http://public2.vulnerablecode.io/api/packages/54927?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-me9g-1s7c-m7cw"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1"},{"url":"http://public2.vulnerablecode.io/api/packages/54831?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vuln
erability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.1.Final"}],"aliases":["CVE-2017-12165","GHSA-5gg7-5wv8-4gcj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwcx-hrtg-pygs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41079?format=json","vulnerability_id":"VCID-w6r9-g7sc-y3ed","summary":"Information Exposure\nAn information exposure of plain text credentials through log files because `Connectors.executeRootHandler:402` logs the `HttpServerExchange` object at `ERROR` level using `UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t,exchange)`.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2998","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0727","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2020:0727"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3888.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3888","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_sys
tem":"epss","scoring_elements":"0.68469","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3888"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220210-0019","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220210-0019"},{"reference_url":"http://www.securityfocus.com/bid/108739","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/108739"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693777","reference_id":"1693777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1693777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349","reference_id":"930349","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930349"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3888","reference_id":"CVE-2019-3888","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-38
88"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1419","reference_id":"RHSA-2019:1419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1420","reference_id":"RHSA-2019:1420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1421","reference_id":"RHSA-2019:1421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1424","reference_id":"RHSA-2019:1424","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2439","reference_id":"RHSA-2019:2439","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:2439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58206?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.21.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/144382?format=json","purl":"pkg:ma
ven/io.undertow/undertow-core@2.0.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.21"}],"aliases":["CVE-2019-3888","GHSA-jwgx-9mmh-684w"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6r9-g7sc-y3ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39340?format=json","vulnerability_id":"VCID-wncj-73h2-y3cw","summary":"Path Traversal\nThe AJP connector in Undertow does not use the `ALLOW_ENCODED_SLASH` option and thus allows slash / anti-slash (backslash) characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0478","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0479","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0480","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0481","reference_id":"","reference_type":"","scores":[{"v
alue":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0481"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1048","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66773","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1048"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534343","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534343"},{"reference_url":"https://cwe.mitre.org/data/definitions/22.html","reference_id":"","reference_type":"","scores":[],"url":"https://cwe.mitre.org/data/definitions/22.html"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928","reference_id":"891928","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1048","reference_id":"CVE-2018-1048","reference_type":"","scores":[{"value":"7.5","scori
ng_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1048"},{"reference_url":"https://github.com/advisories/GHSA-prfw-3qx6-g9xr","reference_id":"GHSA-prfw-3qx6-g9xr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-prfw-3qx6-g9xr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54927?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.0.Beta1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-me9g-1s7c-m7cw"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.0.Beta1"}],"aliases":["CVE-2018-1048","GHSA-prfw-3qx6-g9xr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wncj-73h2-y3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39640?format=json","vulnerability_id":"VCID-xdmu-mgga-xuf2","summary":"HTTP Response Splitting\nUndertow is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header 
value.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1247","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1248","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1249","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1251","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1251"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2643","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1067","reference_id":"","reference_type":"","scores":[{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70581","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1067"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067"},{"reference_url":"https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b8"},{"reference_url":"https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/f404cb68448c188f4d51b085b7fe4ac32bde26e"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550671","reference_id":"1550671","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1550671"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323","reference_id":"900323","reference_ty
pe":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900323"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1067","reference_id":"CVE-2018-1067","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1067"},{"reference_url":"https://github.com/advisories/GHSA-47mp-rq2x-wjf2","reference_id":"GHSA-47mp-rq2x-wjf2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-47mp-rq2x-wjf2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2562","reference_id":"RHSA-2020:2562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55387?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.25.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/55477?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-6
41y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.5.Final"}],"aliases":["CVE-2018-1067","GHSA-47mp-rq2x-wjf2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdmu-mgga-xuf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39573?format=json","vulnerability_id":"VCID-yaw7-jmu3-qyeb","summary":"Incorrect Authorization\nWhen using `Digest` authentication, the server does not ensure that the value of the URI in the Authorization header matches the URI in the HTTP request line. This allows an attacker to perform a man-in-the-middle (MITM) attack and access the desired content on the server.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0478","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0479","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0480","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_ele
ments":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0480"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0481","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:0481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1525","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:1525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2405","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3768","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:3768"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12196","reference_id":"","reference_type":"","scores":[{"value":"0.00531","scoring_syste
m":"epss","scoring_elements":"0.67612","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196"},{"reference_url":"https://github.com/undertow-io/undertow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow"},{"reference_url":"https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f"},{"reference_url":"https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870"},{"reference_url":"https://issues.jboss.org/browse/UNDERTOW-1190","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.jboss.org/browse/UNDERTOW-1190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503055","refere
nce_id":"1503055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1503055"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12196","reference_id":"CVE-2017-12196","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2561","reference_id":"RHSA-2020:2561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2562","reference_id":"RHSA-2020:2562","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2562"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55386?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.19.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.19.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/153852?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.24.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"
vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-yaw7-jmu3-qyeb"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.24.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/55387?format=json","purl":"pkg:maven/io.undertow/undertow-core@1.4.25.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-387y-knja-ukh8"},{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"vulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-wncj-73h2-y3cw"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.4.25.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/153850?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.2.FInal","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.2.FInal"},{"url":"http://public2.vulnerablecode.io/api/packages/55388?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.3.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4gjh-hhzw-jyda"},{"vulnerability":"VCID-4qfb-8hen-qkc7"},{"v
ulnerability":"VCID-4zav-auak-8qbu"},{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-kkn4-9xex-fyb7"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"},{"vulnerability":"VCID-uenh-qgna-t7c4"},{"vulnerability":"VCID-w6r9-g7sc-y3ed"},{"vulnerability":"VCID-xdmu-mgga-xuf2"},{"vulnerability":"VCID-zhjh-bx17-pkdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.3.Final"}],"aliases":["CVE-2017-12196","GHSA-cp7v-vmv7-6x2q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yaw7-jmu3-qyeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52532?format=json","vulnerability_id":"VCID-zhjh-bx17-pkdc","summary":"Improper Input Validation\nA flaw was found in undertow, where the Servlet container causes `servletPath` to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security 
bypass.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1757","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64649","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752770","reference_id":"1752770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752770"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1757","reference_id":"CVE-2020-1757","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1757"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.co
m/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2112","reference_id":"RHSA-2020:2112","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2511","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.co
m/errata/RHSA-2024:5856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77136?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.0.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-63qx-1wuv-qufb"},{"vulnerability":"VCID-641y-uckh-gfen"},{"vulnerability":"VCID-qbnn-jmjd-qqbx"},{"vulnerability":"VCID-rxsj-32jz-wugq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/79820?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-641y-uckh-gfen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.1.0"}],"aliases":["CVE-2020-1757","GHSA-2w73-fqqj-c92p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhjh-bx17-pkdc"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@1.2.0.Beta2"}