{"url":"http://public2.vulnerablecode.io/api/packages/993904?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.19","type":"maven","namespace":"io.undertow","name":"undertow-core","version":"2.2.19","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.4.0.Beta1","latest_non_vulnerable_version":"2.4.0.Beta1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79134?format=json","vulnerability_id":"VCID-4v1f-kt5y-w7d1","summary":"Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2764","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57338","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57366","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57368","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57383","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57363","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57342","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57299","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57321","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57297","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57359","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57309","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57334","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.574","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57414","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.66803","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117506","reference_id":"2117506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2117506"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2764","reference_id":"CVE-2022-2764","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2764"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8790","reference_id":"RHSA-2022:8790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8791","reference_id":"RHSA-2022:8791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8792","reference_id":"RHSA-2022:8792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8793","reference_id":"RHSA-2022:8793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/326809?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrj-chs2-d3ab"},{"vulnerability":"VCID-2cv5-9v62-kfbm"},{"vulnerability":"VCID-5585-a76n-zubf"},{"vulnerability":"VCID-7yc7-e35f-8uhj"},{"vulnerability":"VCID-ns3p-22xg-q3bz"},{"vulnerability":"VCID-tc7q-5xss-nyfh"},{"vulnerability":"VCID-usz2-tufg-k7gz"},{"vulnerability":"VCID-xme8-usmd-vqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/324342?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrj-chs2-d3ab"},{"vulnerability":"VCID-2cv5-9v62-kfbm"},{"vulnerability":"VCID-5585-a76n-zubf"},{"vulnerability":"VCID-ns3p-22xg-q3bz"},{"vulnerability":"VCID-tc7q-5xss-nyfh"},{"vulnerability":"VCID-usz2-tufg-k7gz"},{"vulnerability":"VCID-xme8-usmd-vqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final"}],"aliases":["CVE-2022-2764"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4v1f-kt5y-w7d1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79542?format=json","vulnerability_id":"VCID-62gn-nwup-8uat","summary":"undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1259.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1259","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5052","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50576","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50604","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50557","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50608","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50651","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50628","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50588","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50596","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5055","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50473","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50527","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5051","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50541","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50618","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50631","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1259"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072339","reference_id":"2072339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072339"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-1259","reference_id":"CVE-2022-1259","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2022-1259"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1259","reference_id":"CVE-2022-1259","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6821","reference_id":"RHSA-2022:6821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6822","reference_id":"RHSA-2022:6822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6823","reference_id":"RHSA-2022:6823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6825","reference_id":"RHSA-2022:6825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6825"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8761","reference_id":"RHSA-2022:8761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8761"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/326809?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrj-chs2-d3ab"},{"vulnerability":"VCID-2cv5-9v62-kfbm"},{"vulnerability":"VCID-5585-a76n-zubf"},{"vulnerability":"VCID-7yc7-e35f-8uhj"},{"vulnerability":"VCID-ns3p-22xg-q3bz"},{"vulnerability":"VCID-tc7q-5xss-nyfh"},{"vulnerability":"VCID-usz2-tufg-k7gz"},{"vulnerability":"VCID-xme8-usmd-vqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final"}],"aliases":["CVE-2022-1259"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62gn-nwup-8uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79532?format=json","vulnerability_id":"VCID-93ut-2de3-ckc5","summary":"undertow: Double AJP response for 400 from EAP 7 results in CPING failures","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1319","reference_id":"","reference_type":"","scores":[{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78805","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78812","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78841","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78825","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.7885","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78856","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78879","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78881","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78875","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78904","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78912","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78929","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78945","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78967","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.7898","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78977","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.78995","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.79034","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01193","scoring_system":"epss","scoring_elements":"0.79047","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1319"},{"reference_url":"https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b"},{"reference_url":"https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3"},{"reference_url":"https://issues.redhat.com/browse/UNDERTOW-2060","reference_id":"","reference_type":"","scores":[],"url":"https://issues.redhat.com/browse/UNDERTOW-2060"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448","reference_id":"1016448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073890","reference_id":"2073890","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073890"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-1319","reference_id":"CVE-2022-1319","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2022-1319"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1319","reference_id":"CVE-2022-1319","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1319"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5532","reference_id":"RHSA-2022:5532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8761","reference_id":"RHSA-2022:8761","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8761"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/326809?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.2.20.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrj-chs2-d3ab"},{"vulnerability":"VCID-2cv5-9v62-kfbm"},{"vulnerability":"VCID-5585-a76n-zubf"},{"vulnerability":"VCID-7yc7-e35f-8uhj"},{"vulnerability":"VCID-ns3p-22xg-q3bz"},{"vulnerability":"VCID-tc7q-5xss-nyfh"},{"vulnerability":"VCID-usz2-tufg-k7gz"},{"vulnerability":"VCID-xme8-usmd-vqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.20.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/324342?format=json","purl":"pkg:maven/io.undertow/undertow-core@2.3.1.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vrj-chs2-d3ab"},{"vulnerability":"VCID-2cv5-9v62-kfbm"},{"vulnerability":"VCID-5585-a76n-zubf"},{"vulnerability":"VCID-ns3p-22xg-q3bz"},{"vulnerability":"VCID-tc7q-5xss-nyfh"},{"vulnerability":"VCID-usz2-tufg-k7gz"},{"vulnerability":"VCID-xme8-usmd-vqg3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.3.1.Final"}],"aliases":["CVE-2022-1319"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93ut-2de3-ckc5"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.undertow/undertow-core@2.2.19"}