{"url":"http://public2.vulnerablecode.io/api/packages/568968?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.29","type":"maven","namespace":"io.undertow","name":"undertow-core","version":"2.0.29","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.0.Beta1","latest_non_vulnerable_version":"2.4.0.Beta1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58699?format=json","vulnerability_id":"VCID-dvxb-wu3m-xuaz","summary":"Improper Authorization in Undertow\nA file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code 
execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70607","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70464","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70444","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70495","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70504","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70503","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70478","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70516","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70548","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70517","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70543","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70595","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.7035","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70362","publishe
d_at":"2026-04-02T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70358","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70418","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70428","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70413","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00636","scoring_system":"epss","scoring_elements":"0.70455","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1745"},{"reference_url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1745","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1745"},{"reference_url":"https://www.cnvd.org.cn/webinfo/show/5415","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cnvd.org.cn/webinfo/show/5415"},{"reference_url":"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807305","reference_id":"1807305","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807305"},{"reference_url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/","reference_id":"CVE-2020-1938-APACHE-TOMCAT-AJP-CONNECTOR-REMOTE-CODE-EXECUTION-VULNERABILITY-ALERT","reference_type":"","scores":[],"url":"https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"},{"reference_url":"https://github.com/advisories/GHSA-gv2w-88hx-8m9r","reference_id":"GHSA-gv2w-88hx-8m9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gv2w-88hx-8m9r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0812","reference_id":"RHSA-2020:0812","reference_type":"","scores":[],"
url":"https://access.redhat.com/errata/RHSA-2020:0812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0813","reference_id":"RHSA-2020:0813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0952","reference_id":"RHSA-2020:0952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0961","reference_id":"RHSA-2020:0961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0961"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0962","reference_id":"RHSA-2020:0962","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0962"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2058","reference_id":"RHSA-2020:2058","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2058"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2059","reference_id":"RHSA-2020:2059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2060","reference_id":"RHSA-2020:2060","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2061","reference_id":"RHSA-2020:2061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2333","reference_id":"RHSA-2020:2333","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2333"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2367","reference_id":"RHSA-2020:2367","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2367"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:251
1","reference_id":"RHSA-2020:2511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2512","reference_id":"RHSA-2020:2512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2513","reference_id":"RHSA-2020:2513","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2515","reference_id":"RHSA-2020:2515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2905","reference_id":"RHSA-2020:2905","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2905"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3779","reference_id":"RHSA-2020:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84318?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.30","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30"},{"url":"http://public2.vulnerablecode.io/api/packages/204979?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.0.30.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14ff-vn3t-vyhy"},{"vulnerability":"VCID-1vrj-chs2-d
3ab"},{"vulnerability":"VCID-2cv5-9v62-kfbm"},{"vulnerability":"VCID-4v1f-kt5y-w7d1"},{"vulnerability":"VCID-5585-a76n-zubf"},{"vulnerability":"VCID-62gn-nwup-8uat"},{"vulnerability":"VCID-73st-24ck-uydb"},{"vulnerability":"VCID-7yc7-e35f-8uhj"},{"vulnerability":"VCID-93ut-2de3-ckc5"},{"vulnerability":"VCID-bpuw-kn4r-6kau"},{"vulnerability":"VCID-cf5j-2dz8-7bbu"},{"vulnerability":"VCID-gsr8-1dea-effx"},{"vulnerability":"VCID-k6c9-mckm-cyhy"},{"vulnerability":"VCID-ns3p-22xg-q3bz"},{"vulnerability":"VCID-sxup-wzjc-tue1"},{"vulnerability":"VCID-tc7q-5xss-nyfh"},{"vulnerability":"VCID-urxh-sp91-kuet"},{"vulnerability":"VCID-usz2-tufg-k7gz"},{"vulnerability":"VCID-xftw-raz7-b7e1"},{"vulnerability":"VCID-xme8-usmd-vqg3"},{"vulnerability":"VCID-yn69-8upm-7yc2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.30.Final"}],"aliases":["CVE-2020-1745","GHSA-gv2w-88hx-8m9r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvxb-wu3m-xuaz"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.0.29"}