Search for packages
Package details: pkg:maven/io.undertow/undertow-core@1.4.0
purl pkg:maven/io.undertow/undertow-core@1.4.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-6gnb-ytj5-aaac
Aliases:
CVE-2017-2666
GHSA-mcfm-h73v-635m
High severity vulnerability that affects io.undertow:undertow-core
1.4.17
Affected by 0 other vulnerabilities.
1.4.17.Final
Affected by 36 other vulnerabilities.
2.0.0.Final
Affected by 38 other vulnerabilities.
2.0.0
Affected by 4 other vulnerabilities.
VCID-bu59-sqtv-aaak
Aliases:
CVE-2017-7559
GHSA-rj76-h87p-r3wf
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Invalid characters are allowed in query strings and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
1.4.17.Final
Affected by 36 other vulnerabilities.
2.0.0.Alpha2
Affected by 0 other vulnerabilities.
2.0.0.Beta1
Affected by 35 other vulnerabilities.
2.0.1.Final
Affected by 35 other vulnerabilities.
VCID-kq61-ccrm-aaan
Aliases:
CVE-2016-7046
GHSA-3f57-w2rp-72fc
Uncontrolled Resource Consumption Remote attackers could cause a denial of service (CPU and disk consumption) via a long URL.
1.4.3.Final
Affected by 39 other vulnerabilities.
1.4.4.Final
Affected by 38 other vulnerabilities.
2.0.0.Beta1
Affected by 35 other vulnerabilities.
2.0.1
Affected by 0 other vulnerabilities.
VCID-vanc-nzh3-aaab
Aliases:
CVE-2017-12165
GHSA-5gg7-5wv8-4gcj
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling.
1.4.17
Affected by 0 other vulnerabilities.
1.4.17.Final
Affected by 36 other vulnerabilities.
2.0.0.Beta1
Affected by 35 other vulnerabilities.
2.0.1.Final
Affected by 35 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-01-17T02:30:53.300840+00:00 GHSA Importer Affected by VCID-bu59-sqtv-aaak None 35.1.0
2025-01-17T02:30:46.396677+00:00 GHSA Importer Affected by VCID-6gnb-ytj5-aaac None 35.1.0
2025-01-17T02:30:27.154367+00:00 GHSA Importer Affected by VCID-vanc-nzh3-aaab None 35.1.0
2025-01-17T02:30:13.037487+00:00 GHSA Importer Affected by VCID-kq61-ccrm-aaan None 35.1.0
2024-09-17T22:37:09.851292+00:00 GitLab Importer Fixing VCID-67vd-ggxw-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2016-4993.yml 34.0.1
2024-09-17T22:37:09.104978+00:00 GitLab Importer Affected by VCID-vanc-nzh3-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2017-12165.yml 34.0.1
2024-09-17T22:37:08.631335+00:00 GitLab Importer Affected by VCID-bu59-sqtv-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2017-7559.yml 34.0.1
2024-09-17T22:37:08.457117+00:00 GitLab Importer Affected by VCID-6gnb-ytj5-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2017-2666.yml 34.0.1
2024-09-17T22:05:34.356340+00:00 GHSA Importer Affected by VCID-6gnb-ytj5-aaac https://github.com/advisories/GHSA-mcfm-h73v-635m 34.0.1
2024-09-17T22:04:05.026586+00:00 GHSA Importer Affected by VCID-kq61-ccrm-aaan https://github.com/advisories/GHSA-3f57-w2rp-72fc 34.0.1
2024-09-17T22:04:04.888848+00:00 GHSA Importer Affected by VCID-bu59-sqtv-aaak https://github.com/advisories/GHSA-rj76-h87p-r3wf 34.0.1
2024-09-17T22:00:27.359947+00:00 GHSA Importer Affected by VCID-vanc-nzh3-aaab https://github.com/advisories/GHSA-5gg7-5wv8-4gcj 34.0.1
2024-04-23T17:39:30.887291+00:00 GHSA Importer Affected by VCID-vanc-nzh3-aaab https://github.com/advisories/GHSA-5gg7-5wv8-4gcj 34.0.0rc4
2024-01-03T18:00:09.660735+00:00 GitLab Importer Fixing VCID-67vd-ggxw-aaaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2016-4993.yml 34.0.0rc1
2024-01-03T18:00:09.041286+00:00 GitLab Importer Affected by VCID-vanc-nzh3-aaab https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2017-12165.yml 34.0.0rc1
2024-01-03T18:00:08.724885+00:00 GitLab Importer Affected by VCID-bu59-sqtv-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2017-7559.yml 34.0.0rc1
2024-01-03T18:00:08.638390+00:00 GitLab Importer Affected by VCID-6gnb-ytj5-aaac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2017-2666.yml 34.0.0rc1
2024-01-03T17:40:29.856603+00:00 GHSA Importer Affected by VCID-6gnb-ytj5-aaac https://github.com/advisories/GHSA-mcfm-h73v-635m 34.0.0rc1
2024-01-03T17:38:49.083992+00:00 GHSA Importer Affected by VCID-vanc-nzh3-aaab https://github.com/advisories/GHSA-5gg7-5wv8-4gcj 34.0.0rc1
2024-01-03T17:38:49.011360+00:00 GHSA Importer Affected by VCID-kq61-ccrm-aaan https://github.com/advisories/GHSA-3f57-w2rp-72fc 34.0.0rc1
2024-01-03T17:38:48.907122+00:00 GHSA Importer Affected by VCID-bu59-sqtv-aaak https://github.com/advisories/GHSA-rj76-h87p-r3wf 34.0.0rc1