Search for packages
Package details: pkg:maven/io.undertow/undertow-core@2.3.15.Final
purl pkg:maven/io.undertow/undertow-core@2.3.15.Final
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-mg72-p5nt-4bg8
Aliases:
CVE-2024-4109
GHSA-22c5-cpvr-cfvq
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests. There are no reported fixed by versions.
VCID-tp84-pqr2-jufg
Aliases:
CVE-2024-7885
GHSA-9623-mqmm-5rcf
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
2.3.16.Final
Affected by 2 other vulnerabilities.
2.3.17.Final
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-5kpp-fmnn-aaaa undertow: LearningPushHandler can lead to remote memory DoS attacks CVE-2024-3653
GHSA-ch7q-gpff-h9hp
VCID-urfc-w8hp-aaak undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket CVE-2024-5971
GHSA-xpp6-8r3j-ww43

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:13:53.516027+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.1.3
2025-06-20T17:06:40.393041+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.3
2025-06-20T17:04:54.979225+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 36.1.3
2025-06-20T17:04:44.475886+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 36.1.3
2025-06-03T23:49:20.600696+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.1.0
2025-06-03T23:42:50.196102+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.0
2025-06-03T23:41:12.836049+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 36.1.0
2025-06-03T23:41:02.124906+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 36.1.0
2025-06-02T23:48:04.454029+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.1.2
2025-06-02T23:41:06.988706+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.1.2
2025-06-02T23:39:27.713239+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 36.1.2
2025-06-02T23:39:17.273979+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 36.1.2
2025-04-03T22:36:29.424845+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 36.0.0
2025-04-03T22:21:01.169338+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 36.0.0
2025-04-03T22:18:02.777971+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 36.0.0
2025-04-03T22:17:46.329654+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 36.0.0
2025-02-18T04:25:30.699780+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 35.1.0
2025-02-18T04:17:12.938717+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 35.1.0
2025-02-18T04:04:17.834762+00:00 GitLab Importer Affected by VCID-mg72-p5nt-4bg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-4109.yml 35.1.0
2025-02-18T04:00:23.893223+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 35.1.0
2024-11-21T01:20:36.259982+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 35.0.0
2024-11-21T01:19:33.775521+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 35.0.0
2024-11-21T01:10:18.423777+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 35.0.0
2024-11-19T19:45:17.452224+00:00 GHSA Importer Fixing VCID-5kpp-fmnn-aaaa https://github.com/advisories/GHSA-ch7q-gpff-h9hp 34.3.2
2024-11-19T01:06:56.202457+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.3.2
2024-11-19T01:05:59.630080+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 34.3.2
2024-11-19T00:59:01.185706+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 34.3.2
2024-11-19T00:48:38.073394+00:00 GithubOSV Importer Fixing VCID-5kpp-fmnn-aaaa https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-ch7q-gpff-h9hp/GHSA-ch7q-gpff-h9hp.json 34.3.2
2024-10-15T19:30:59.736332+00:00 GithubOSV Importer Fixing VCID-urfc-w8hp-aaak https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-xpp6-8r3j-ww43/GHSA-xpp6-8r3j-ww43.json 34.0.2
2024-10-08T01:42:31.326766+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.0.2
2024-10-08T01:42:03.314584+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 34.0.2
2024-10-08T01:36:57.367356+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 34.0.2
2024-10-07T22:33:32.393085+00:00 GHSA Importer Affected by VCID-tp84-pqr2-jufg https://github.com/advisories/GHSA-9623-mqmm-5rcf 34.0.2
2024-10-07T22:32:19.473097+00:00 GHSA Importer Fixing VCID-urfc-w8hp-aaak https://github.com/advisories/GHSA-xpp6-8r3j-ww43 34.0.2
2024-10-07T22:15:44.708976+00:00 GHSA Importer Fixing VCID-5kpp-fmnn-aaaa https://github.com/advisories/GHSA-ch7q-gpff-h9hp 34.0.2
2024-09-30T21:17:47.070981+00:00 GithubOSV Importer Fixing VCID-urfc-w8hp-aaak https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-xpp6-8r3j-ww43/GHSA-xpp6-8r3j-ww43.json 34.0.1
2024-09-23T01:44:31.188610+00:00 GitLab Importer Fixing VCID-urfc-w8hp-aaak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-5971.yml 34.0.1
2024-09-23T01:34:15.325689+00:00 GitLab Importer Fixing VCID-5kpp-fmnn-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-3653.yml 34.0.1
2024-09-22T22:50:27.211598+00:00 GHSA Importer Fixing VCID-urfc-w8hp-aaak https://github.com/advisories/GHSA-xpp6-8r3j-ww43 34.0.1
2024-09-22T22:42:21.211793+00:00 GHSA Importer Fixing VCID-5kpp-fmnn-aaaa https://github.com/advisories/GHSA-ch7q-gpff-h9hp 34.0.1
2024-09-20T21:22:23.115244+00:00 GitLab Importer Affected by VCID-tp84-pqr2-jufg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.undertow/undertow-core/CVE-2024-7885.yml 34.0.1
2024-09-17T21:59:45.865184+00:00 GHSA Importer Affected by VCID-tp84-pqr2-jufg https://github.com/advisories/GHSA-9623-mqmm-5rcf 34.0.1