purl | pkg:maven/io.undertow/undertow-core@2.0.29 |
Tags | Ghost |
Next non-vulnerable version | None. |
Latest non-vulnerable version | None. |
Risk | 4.4 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-b8bk-cnxe-dybe Aliases: CVE-2020-1745, GHSA-gv2w-88hx-8m9r | Improper Authorization in Undertow. A file inclusion vulnerability was found in the AJP connector, enabled with a default AJP configuration port of 8009, in Undertow version 2.0.29.Final and before; it was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution. | Affected by 0 other vulnerabilities. Affected by 20 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-07-05T18:42:54.842592+00:00 | GHSA Importer | Affected by | VCID-b8bk-cnxe-dybe | https://github.com/advisories/GHSA-gv2w-88hx-8m9r | 37.0.0 |
2025-07-03T13:55:11.159630+00:00 | GitLab Importer | Affected by | VCID-b8bk-cnxe-dybe | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2020-1745.yml | 36.1.3 |