pkg:maven/io.undertow/undertow-core
Type: maven
Namespace: io.undertow
Name: undertow-core
Known advisories, vulnerabilities and fixes for io.undertow/undertow-core package.
Critical: 3
High: 14
Moderate: 14
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 2.0.42 | | CVE-2020-1757 | MAVEN:GHSA-2W73-FQQJ-C92P | Improper Input Validation in Undertow | high | 2022-05-24T17:15:56 (2 years ago) |
Fixed | = 2.1.0 | | CVE-2020-1757 | MAVEN:GHSA-2W73-FQQJ-C92P | Improper Input Validation in Undertow | high | 2022-05-24T17:15:56 (2 years ago) |
Affected | < 2.2.15 | | CVE-2021-3859 | MAVEN:GHSA-339Q-62WM-C39W | Undertow vulnerable to Denial of Service (DoS) attacks | high | 2022-07-15T21:32:13 (2 years ago) |
Fixed | = 2.2.15 | | CVE-2021-3859 | MAVEN:GHSA-339Q-62WM-C39W | Undertow vulnerable to Denial of Service (DoS) attacks | high | 2022-07-15T21:32:13 (2 years ago) |
Affected | < 1.3.25.Final; >= 1.4.0, < 1.4.3.Final | | CVE-2016-7046 | MAVEN:GHSA-3F57-W2RP-72FC | Undertow Uncaught Exception vulnerability | moderate | 2022-05-17T00:15:06 (2 years ago) |
Fixed | = 1.3.25.Final; = 1.4.3.Final | | CVE-2016-7046 | MAVEN:GHSA-3F57-W2RP-72FC | Undertow Uncaught Exception vulnerability | moderate | 2022-05-17T00:15:06 (2 years ago) |
Affected | < 1.3.28 | | CVE-2017-2670 | MAVEN:GHSA-3X7H-5HFR-HVJM | Moderate severity vulnerability that affects io.undertow:undertow-core | moderate | 2018-10-19T16:54:56 (5 years ago) |
Fixed | = 1.3.28 | | CVE-2017-2670 | MAVEN:GHSA-3X7H-5HFR-HVJM | Moderate severity vulnerability that affects io.undertow:undertow-core | moderate | 2018-10-19T16:54:56 (5 years ago) |
Affected | = 2.0.0.Alpha1; >= 1.4.0, < 1.4.17; < 1.3.31 | | CVE-2017-12165 | MAVEN:GHSA-5GG7-5WV8-4GCJ | Undertow Request Smuggling vulnerability | high | 2022-05-13T01:38:14 (2 years ago) |
Fixed | = 2.0.0.Beta1; = 1.4.17; = 1.3.31 | | CVE-2017-12165 | MAVEN:GHSA-5GG7-5WV8-4GCJ | Undertow Request Smuggling vulnerability | high | 2022-05-13T01:38:14 (2 years ago) |
Affected | < 2.0.20 | | CVE-2019-10212 | MAVEN:GHSA-8VH8-VC28-M2HF | Potential to access user credentials from the log files when debug logging enabled | critical | 2019-11-20T01:33:54 (4 years ago) |
Fixed | = 2.0.20 | | CVE-2019-10212 | MAVEN:GHSA-8VH8-VC28-M2HF | Potential to access user credentials from the log files when debug logging enabled | critical | 2019-11-20T01:33:54 (4 years ago) |
Affected | < 2.3.14.Final | | CVE-2024-6162 | MAVEN:GHSA-9442-GM4V-R222 | Undertow's url-encoded request path information can be broken on ajp-listener | high | 2024-06-20T15:31:19 (2 months ago) |
Fixed | = 2.3.14.Final | | CVE-2024-6162 | MAVEN:GHSA-9442-GM4V-R222 | Undertow's url-encoded request path information can be broken on ajp-listener | high | 2024-06-20T15:31:19 (2 months ago) |
Affected | = 2.3.0.Alpha1; < 2.2.19.Final | | CVE-2022-2053 | MAVEN:GHSA-95RF-557X-44G5 | Undertow vulnerable to Dos via Large AJP request | high | 2022-08-06T00:00:46 (2 years ago) |
Fixed | = 2.3.0.Alpha2; = 2.2.19.Final | | CVE-2022-2053 | MAVEN:GHSA-95RF-557X-44G5 | Undertow vulnerable to Dos via Large AJP request | high | 2022-08-06T00:00:46 (2 years ago) |
Affected | <= 2.3.15.Final | | CVE-2024-7885 | MAVEN:GHSA-9623-MQMM-5RCF | Undertow vulnerable to Race Condition | high | 2024-08-21T15:30:54 (3 weeks ago) |
Affected | <= 2.1.0.Final | | CVE-2020-10719 | MAVEN:GHSA-CCCF-7XW3-P2VR | HTTP Request Smuggling in Undertow | moderate | 2021-04-30T17:28:33 (3 years ago) |
Fixed | = 2.1.1.Final | | CVE-2020-10719 | MAVEN:GHSA-CCCF-7XW3-P2VR | HTTP Request Smuggling in Undertow | moderate | 2021-04-30T17:28:33 (3 years ago) |
Affected | <= 2.3.14.Final | | CVE-2024-3653 | MAVEN:GHSA-CH7Q-GPFF-H9HP | Undertow Missing Release of Memory after Effective Lifetime vulnerability | moderate | 2024-07-09T00:31:40 (2 months ago) |
Affected | <= 1.4.23.Final; >= 2.0.0.Alpha1, <= 2.0.1.Final | | CVE-2017-12196 | MAVEN:GHSA-CP7V-VMV7-6X2Q | Incorrect Authorization in Undertow | moderate | 2022-05-13T01:38:10 (2 years ago) |
Fixed | = 1.4.24.Final; = 2.0.2.FInal | | CVE-2017-12196 | MAVEN:GHSA-CP7V-VMV7-6X2Q | Incorrect Authorization in Undertow | moderate | 2022-05-13T01:38:10 (2 years ago) |
Affected | >= 2.2.0, < 2.2.10; < 2.0.40 | | CVE-2021-3690 | MAVEN:GHSA-FJ7C-VG2V-CCRM | Undertow vulnerable to memory exhaustion due to buffer leak | high | 2022-07-15T21:07:20 (2 years ago) |
Fixed | = 2.2.10; = 2.0.40 | | CVE-2021-3690 | MAVEN:GHSA-FJ7C-VG2V-CCRM | Undertow vulnerable to memory exhaustion due to buffer leak | high | 2022-07-15T21:07:20 (2 years ago) |
Affected | <= 2.1.0.Final | | CVE-2020-10705 | MAVEN:GHSA-G4CP-H53P-V3V8 | Allocation of Resources Without Limits or Throttling in Undertow | high | 2021-04-30T17:28:42 (3 years ago) |
Fixed | = 2.1.1.Final | | CVE-2020-10705 | MAVEN:GHSA-G4CP-H53P-V3V8 | Allocation of Resources Without Limits or Throttling in Undertow | high | 2021-04-30T17:28:42 (3 years ago) |
Affected | >= 2.0.0.Alpha1, <= 2.0.4.Final; <= 1.4.24.FInal | | CVE-2018-1114 | MAVEN:GHSA-GJJX-GQM4-WCGM | Uncontrolled Resource Consumption in Undertow | moderate | 2022-05-13T01:33:31 (2 years ago) |
Fixed | = 2.0.5.Final; = 1.4.25.Final | | CVE-2018-1114 | MAVEN:GHSA-GJJX-GQM4-WCGM | Uncontrolled Resource Consumption in Undertow | moderate | 2022-05-13T01:33:31 (2 years ago) |
Affected | <= 2.0.29 | | CVE-2020-1745 | MAVEN:GHSA-GV2W-88HX-8M9R | Improper Authorization in Undertoe | high | 2022-05-24T17:16:46 (2 years ago) |
Fixed | = 2.0.30 | | CVE-2020-1745 | MAVEN:GHSA-GV2W-88HX-8M9R | Improper Authorization in Undertoe | high | 2022-05-24T17:16:46 (2 years ago) |
Affected | >= 1.2.0.Beta1, <= 1.2.0.Beta2; >= 1.1.0.Beta1, <= 1.1.0.CR4; >= 1.0.0, < 1.0.17 | | CVE-2014-7816 | MAVEN:GHSA-H6P6-FC4W-CQHX | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow | moderate | 2022-05-17T04:15:16 (2 years ago) |
Fixed | = 1.2.0.Beta3; = 1.1.0.CR5; = 1.0.17 | | CVE-2014-7816 | MAVEN:GHSA-H6P6-FC4W-CQHX | Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow | moderate | 2022-05-17T04:15:16 (2 years ago) |
Affected | < 2.0.21 | | CVE-2019-3888 | MAVEN:GHSA-JWGX-9MMH-684W | Credential exposure through log files in Undertow | critical | 2019-06-13T20:02:56 (5 years ago) |
Fixed | = 2.0.21 | | CVE-2019-3888 | MAVEN:GHSA-JWGX-9MMH-684W | Credential exposure through log files in Undertow | critical | 2019-06-13T20:02:56 (5 years ago) |
Affected | < 2.2.24.Final; >= 2.3.0, < 2.3.5.Final | | CVE-2023-1108 | MAVEN:GHSA-M4MM-PG93-FV78 | Undertow denial of service vulnerability | high | 2023-09-14T15:31:23 (12 months ago) |
Fixed | = 2.2.24.Final; = 2.3.5.Final | | CVE-2023-1108 | MAVEN:GHSA-M4MM-PG93-FV78 | Undertow denial of service vulnerability | high | 2023-09-14T15:31:23 (12 months ago) |
Affected | >= 1.4.0, < 1.4.17; < 1.3.31 | | CVE-2017-2666 | MAVEN:GHSA-MCFM-H73V-635M | Undertow-core vulnerable to HTTP Request Smuggling | moderate | 2018-10-19T16:55:14 (5 years ago) |
Fixed | = 1.4.17; = 1.3.31 | | CVE-2017-2666 | MAVEN:GHSA-MCFM-H73V-635M | Undertow-core vulnerable to HTTP Request Smuggling | moderate | 2018-10-19T16:55:14 (5 years ago) |
Affected | <= 2.0.38.Final; >= 2.1.0, <= 2.2.8.Final | | CVE-2021-3597 | MAVEN:GHSA-MFHV-GWF8-4M88 | undertow Race Condition vulnerability | moderate | 2022-05-25T00:00:21 (2 years ago) |
Fixed | = 2.0.39.Final; = 2.2.9.Final | | CVE-2021-3597 | MAVEN:GHSA-MFHV-GWF8-4M88 | undertow Race Condition vulnerability | moderate | 2022-05-25T00:00:21 (2 years ago) |
Affected | <= 2.1.0.Final | | CVE-2020-10687 | MAVEN:GHSA-P9W3-GWC2-CR49 | HTTP Request Smuggling in Undertow | moderate | 2021-04-30T17:28:52 (3 years ago) |
Fixed | = 2.2.0.Final | | CVE-2020-10687 | MAVEN:GHSA-P9W3-GWC2-CR49 | HTTP Request Smuggling in Undertow | moderate | 2021-04-30T17:28:52 (3 years ago) |
Affected | < 2.2.24.Final; >= 2.3.0, < 2.3.5.Final | | CVE-2022-4492 | MAVEN:GHSA-PFCC-3G6R-8RG8 | Undertow client not checking server identity presented by server certificate in https connections | critical | 2023-02-23T21:30:16 (19 months ago) |
Fixed | = 2.2.24.Final; = 2.3.5.Final | | CVE-2022-4492 | MAVEN:GHSA-PFCC-3G6R-8RG8 | Undertow client not checking server identity presented by server certificate in https connections | critical | 2023-02-23T21:30:16 (19 months ago) |
Affected | < 2.0.34; >= 2.1.0, < 2.1.6 | | CVE-2021-20220 | MAVEN:GHSA-QJWC-V72V-FQ6R | HTTP request smuggling in Undertow | moderate | 2021-06-16T17:47:52 (3 years ago) |
Fixed | = 2.0.34; = 2.1.6 | | CVE-2021-20220 | MAVEN:GHSA-QJWC-V72V-FQ6R | HTTP request smuggling in Undertow | moderate | 2021-06-16T17:47:52 (3 years ago) |
Affected | >= 2.1.0, <= 2.2.10.Final; <= 2.0.39.Final | | CVE-2021-3629 | MAVEN:GHSA-RF6Q-VX79-MJXR | Undertow Uncontrolled Resource Consumption | high | 2022-05-25T00:00:22 (2 years ago) |
Fixed | = 2.2.11.Final; = 2.0.40.Final | | CVE-2021-3629 | MAVEN:GHSA-RF6Q-VX79-MJXR | Undertow Uncontrolled Resource Consumption | high | 2022-05-25T00:00:22 (2 years ago) |
Affected | < 2.0.33; >= 2.1.0, < 2.1.5 | | CVE-2020-27782 | MAVEN:GHSA-RHCW-WJCM-9H6G | Denial of service in Undertow | high | 2022-02-09T00:54:12 (2 years ago) |
Fixed | = 2.0.33; = 2.1.5 | | CVE-2020-27782 | MAVEN:GHSA-RHCW-WJCM-9H6G | Denial of service in Undertow | high | 2022-02-09T00:54:12 (2 years ago) |
Affected | = 2.0.0.Alpha1; >= 1.3.0, < 1.3.31.Final; >= 1.4.0, < 1.4.17.Final | | CVE-2017-7559 | MAVEN:GHSA-RJ76-H87P-R3WF | Undertow vulnerable to Request Smuggling | moderate | 2022-05-13T01:36:16 (2 years ago) |
Fixed | = 2.0.0.Alpha2; = 1.3.31.Final; = 1.4.17.Final | | CVE-2017-7559 | MAVEN:GHSA-RJ76-H87P-R3WF | Undertow vulnerable to Request Smuggling | moderate | 2022-05-13T01:36:16 (2 years ago) |
Affected | >= 2.3.0.Alpha1, < 2.3.12.Final; < 2.2.31.Final | | CVE-2024-1459 | MAVEN:GHSA-V76W-3PH8-VM66 | Undertow Path Traversal vulnerability | moderate | 2024-02-12T21:30:55 (7 months ago) |
Fixed | = 2.3.12.Final; = 2.2.31.Final | | CVE-2024-1459 | MAVEN:GHSA-V76W-3PH8-VM66 | Undertow Path Traversal vulnerability | moderate | 2024-02-12T21:30:55 (7 months ago) |
Affected | <= 2.0.18.FINAL | | CVE-2018-14642 | MAVEN:GHSA-VF6R-MMHC-3XCM | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | moderate | 2022-05-13T01:12:21 (2 years ago) |
Fixed | = 2.0.19.FINAL | | CVE-2018-14642 | MAVEN:GHSA-VF6R-MMHC-3XCM | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | moderate | 2022-05-13T01:12:21 (2 years ago) |
Affected | < 2.0.29.Final | | CVE-2019-14888 | MAVEN:GHSA-VJXC-FRW4-JMH5 | Undertow vulnerable to Uncontrolled Resource Consumption | high | 2022-05-24T17:07:10 (2 years ago) |
Fixed | = 2.0.29.Final | | CVE-2019-14888 | MAVEN:GHSA-VJXC-FRW4-JMH5 | Undertow vulnerable to Uncontrolled Resource Consumption | high | 2022-05-24T17:07:10 (2 years ago) |
Affected | <= 2.3.14.Final | | CVE-2024-5971 | MAVEN:GHSA-XPP6-8R3J-WW43 | Undertow Denial of Service vulnerability | high | 2024-07-08T21:31:40 (2 months ago) |