VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pjz1-43jj-xuau

Essentials
Severities (27)
References (33)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pjz1-43jj-xuau
Aliases	CVE-2021-3629 GHSA-rf6q-vx79-mjxr
Summary	Undertow Uncontrolled Resource Consumption A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-400	Uncontrolled Resource Consumption
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
epss	0.00096	https://api.first.org/data/v1/epss?cve=CVE-2021-3629
cvssv3.1	7.5	https://bugzilla.redhat.com/show_bug.cgi?id=1977362
generic_textual	HIGH	https://bugzilla.redhat.com/show_bug.cgi?id=1977362
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-rf6q-vx79-mjxr
cvssv3.1	7.5	https://github.com/undertow-io/undertow
generic_textual	HIGH	https://github.com/undertow-io/undertow
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2021-3629
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2021-3629
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-3629
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2021-3629
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20220729-0008
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20220729-0008

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-3629
		https://bugzilla.redhat.com/show_bug.cgi?id=1977362
		https://github.com/undertow-io/undertow
		https://nvd.nist.gov/vuln/detail/CVE-2021-3629
		https://security.netapp.com/advisory/ntap-20220729-0008
		https://security.netapp.com/advisory/ntap-20220729-0008/
1016448		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:netapp:oncommand_insight:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:-:::::::*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
cpe:2.3:a:redhat:integration:-::::text-only:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:integration:-::::text-only:::
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-::::text-only:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:-::::text-only:::
cpe:2.3:a:redhat:single_sign-on:-::::text-only:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-::::text-only:::
cpe:2.3:a:redhat:undertow::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:undertow::::::::
cpe:2.3:a:redhat:wildfly_core::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:wildfly_core::::::::
GHSA-rf6q-vx79-mjxr		https://github.com/advisories/GHSA-rf6q-vx79-mjxr
RHSA-2021:4676		https://access.redhat.com/errata/RHSA-2021:4676
RHSA-2021:4677		https://access.redhat.com/errata/RHSA-2021:4677
RHSA-2021:4679		https://access.redhat.com/errata/RHSA-2021:4679
RHSA-2021:4767		https://access.redhat.com/errata/RHSA-2021:4767
RHSA-2021:5134		https://access.redhat.com/errata/RHSA-2021:5134
RHSA-2021:5149		https://access.redhat.com/errata/RHSA-2021:5149
RHSA-2021:5150		https://access.redhat.com/errata/RHSA-2021:5150
RHSA-2021:5151		https://access.redhat.com/errata/RHSA-2021:5151
RHSA-2021:5154		https://access.redhat.com/errata/RHSA-2021:5154
RHSA-2021:5170		https://access.redhat.com/errata/RHSA-2021:5170
RHSA-2022:0146		https://access.redhat.com/errata/RHSA-2022:0146
RHSA-2022:1179		https://access.redhat.com/errata/RHSA-2022:1179
RHSA-2022:5532		https://access.redhat.com/errata/RHSA-2022:5532
RHSA-2022:6407		https://access.redhat.com/errata/RHSA-2022:6407

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3629.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1977362

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/undertow-io/undertow

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3629

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3629

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3629

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20220729-0008

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.27745
EPSS Score	0.00096
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:19.468419+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rf6q-vx79-mjxr/GHSA-rf6q-vx79-mjxr.json	36.1.3