VulnerableCode Package Details - pkg:maven/io.undertow/undertow-core@2.3.0

Search for packages

Package details: pkg:maven/io.undertow/undertow-core@2.3.0

Essentials
History (15)

purl	pkg:maven/io.undertow/undertow-core@2.3.0
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-732h-twxw-aaap Aliases: CVE-2022-2053 GHSA-95rf-557x-44g5	CVE-2022-2053 undertow: Large AJP request may cause DoS	2.3.1.Final Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-f6a4-nmup-aaaq Aliases: CVE-2023-1108 GHSA-m4mm-pg93-fv78	A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.	2.3.5.Final Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-sssr-kebe-aaah Aliases: CVE-2022-2764	CVE-2022-2764 Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations	2.3.1.Final Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tw4d-xnwu-aaah Aliases: CVE-2022-1319	A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.	2.3.1.Final Affected by 11 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uyp8-req2-aaag Aliases: CVE-2022-4492 GHSA-pfcc-3g6r-8rg8	Undertow client not checking server identity presented by server certificate in https connections	2.3.5.Final Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-29T10:49:14.584851+00:00	GHSA Importer	Affected by	VCID-uyp8-req2-aaag	https://github.com/advisories/GHSA-pfcc-3g6r-8rg8	36.0.0
2024-10-08T00:04:50.286275+00:00	GitLab Importer	Affected by	VCID-uyp8-req2-aaag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-4492.yml	34.0.2
2024-09-17T22:37:09.721766+00:00	GitLab Importer	Affected by	VCID-732h-twxw-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-2053.yml	34.0.1
2024-09-17T22:37:09.361106+00:00	GitLab Importer	Affected by	VCID-f6a4-nmup-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2023-1108.yml	34.0.1
2024-09-17T22:37:08.423538+00:00	GitLab Importer	Affected by	VCID-sssr-kebe-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-2764.yml	34.0.1
2024-09-17T22:37:08.028144+00:00	GitLab Importer	Affected by	VCID-tw4d-xnwu-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-1319.yml	34.0.1
2024-09-17T22:03:33.923290+00:00	GHSA Importer	Affected by	VCID-uyp8-req2-aaag	https://github.com/advisories/GHSA-pfcc-3g6r-8rg8	34.0.1
2024-09-17T22:02:54.011633+00:00	GHSA Importer	Affected by	VCID-f6a4-nmup-aaaq	https://github.com/advisories/GHSA-m4mm-pg93-fv78	34.0.1
2024-05-04T00:19:34.205072+00:00	GHSA Importer	Affected by	VCID-f6a4-nmup-aaaq	https://github.com/advisories/GHSA-m4mm-pg93-fv78	34.0.0rc4
2024-01-03T18:00:09.541742+00:00	GitLab Importer	Affected by	VCID-732h-twxw-aaap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-2053.yml	34.0.0rc1
2024-01-03T18:00:09.272360+00:00	GitLab Importer	Affected by	VCID-f6a4-nmup-aaaq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2023-1108.yml	34.0.0rc1
2024-01-03T18:00:08.609397+00:00	GitLab Importer	Affected by	VCID-sssr-kebe-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-2764.yml	34.0.0rc1
2024-01-03T18:00:08.394898+00:00	GitLab Importer	Affected by	VCID-tw4d-xnwu-aaah	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2022-1319.yml	34.0.0rc1
2024-01-03T17:38:21.490406+00:00	GHSA Importer	Affected by	VCID-uyp8-req2-aaag	https://github.com/advisories/GHSA-pfcc-3g6r-8rg8	34.0.0rc1
2024-01-03T17:37:42.383324+00:00	GHSA Importer	Affected by	VCID-f6a4-nmup-aaaq	https://github.com/advisories/GHSA-m4mm-pg93-fv78	34.0.0rc1