Search for packages
Package details: pkg:maven/io.undertow/undertow-core@2.3.16.Final
purl pkg:maven/io.undertow/undertow-core@2.3.16.Final
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-mg72-p5nt-4bg8
Aliases:
CVE-2024-4109
GHSA-22c5-cpvr-cfvq
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests. There are no reported fixed by versions.
VCID-tp84-pqr2-jufg
Aliases:
CVE-2024-7885
GHSA-9623-mqmm-5rcf
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
2.3.17.Final
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-tp84-pqr2-jufg A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. CVE-2024-7885
GHSA-9623-mqmm-5rcf

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:13:53.517901+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.1.3
2025-06-20T17:06:42.027983+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.3
2025-06-20T17:06:40.394902+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.3
2025-06-03T23:49:20.602192+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.1.0
2025-06-03T23:42:51.758385+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.0
2025-06-03T23:42:50.197929+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.0
2025-06-02T23:48:04.455910+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.1.2
2025-06-02T23:41:09.178472+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.2
2025-06-02T23:41:06.990620+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.2
2025-04-03T22:36:29.429883+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.0.0
2025-04-03T22:21:03.690431+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.0.0
2025-04-03T22:21:01.174150+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.0.0
2025-02-18T04:25:32.286512+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 35.1.0
2025-02-18T04:25:30.704617+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 35.1.0
2025-02-18T04:04:17.840027+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 35.1.0
2024-11-21T01:20:37.879526+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 35.0.0
2024-11-21T01:20:36.264980+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 35.0.0
2024-11-19T01:06:57.830696+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.3.2
2024-11-19T01:06:56.208471+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.3.2
2024-10-26T14:40:15.996520+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.0.2
2024-10-17T02:13:02.466407+00:00 GHSA Importer Affected by VCID-tp84-pqr2-jufg https://github.com/advisories/GHSA-9623-mqmm-5rcf 34.0.2
2024-10-08T01:42:31.331490+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.0.2
2024-10-07T22:33:32.397864+00:00 GHSA Importer Fixing VCID-tp84-pqr2-jufg https://github.com/advisories/GHSA-9623-mqmm-5rcf 34.0.2
2024-09-23T01:44:52.060004+00:00 GitLab Importer Fixing VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.0.1
2024-09-22T22:51:41.866329+00:00 GHSA Importer Fixing VCID-tp84-pqr2-jufg https://github.com/advisories/GHSA-9623-mqmm-5rcf 34.0.1