pkg:maven/io.undertow/undertow-core

Type maven

Namespace io.undertow

Name undertow-core

Known advisories, vulnerabilities and fixes for io.undertow/undertow-core package.

Repository: https://mvnrepository.com/artifact/io.undertow/undertow-core

Critical 3

High 14

Moderate 14

Type	Version	# CVEs	# Advisory ID	Title	Severity	Published
Affected	<= 2.0.42	CVE-2020-1757	MAVEN:GHSA-2W73-FQQJ-C92P	Improper Input Validation in Undertow	high	2022-05-24T17:15:56 (2 years ago)
Fixed	= 2.1.0	CVE-2020-1757	MAVEN:GHSA-2W73-FQQJ-C92P	Improper Input Validation in Undertow	high	2022-05-24T17:15:56 (2 years ago)
Affected	< 2.2.15	CVE-2021-3859	MAVEN:GHSA-339Q-62WM-C39W	Undertow vulnerable to Denial of Service (DoS) attacks	high	2022-07-15T21:32:13 (2 years ago)
Fixed	= 2.2.15	CVE-2021-3859	MAVEN:GHSA-339Q-62WM-C39W	Undertow vulnerable to Denial of Service (DoS) attacks	high	2022-07-15T21:32:13 (2 years ago)
Affected	< 1.3.25.Final >= 1.4.0, < 1.4.3.Final	CVE-2016-7046	MAVEN:GHSA-3F57-W2RP-72FC	Undertow Uncaught Exception vulnerability	moderate	2022-05-17T00:15:06 (2 years ago)
Fixed	= 1.3.25.Final = 1.4.3.Final	CVE-2016-7046	MAVEN:GHSA-3F57-W2RP-72FC	Undertow Uncaught Exception vulnerability	moderate	2022-05-17T00:15:06 (2 years ago)
Affected	< 1.3.28	CVE-2017-2670	MAVEN:GHSA-3X7H-5HFR-HVJM	Moderate severity vulnerability that affects io.undertow:undertow-core	moderate	2018-10-19T16:54:56 (5 years ago)
Fixed	= 1.3.28	CVE-2017-2670	MAVEN:GHSA-3X7H-5HFR-HVJM	Moderate severity vulnerability that affects io.undertow:undertow-core	moderate	2018-10-19T16:54:56 (5 years ago)
Affected	= 2.0.0.Alpha1 >= 1.4.0, < 1.4.17 < 1.3.31	CVE-2017-12165	MAVEN:GHSA-5GG7-5WV8-4GCJ	Undertow Request Smuggling vulnerability	high	2022-05-13T01:38:14 (2 years ago)
Fixed	= 2.0.0.Beta1 = 1.4.17 = 1.3.31	CVE-2017-12165	MAVEN:GHSA-5GG7-5WV8-4GCJ	Undertow Request Smuggling vulnerability	high	2022-05-13T01:38:14 (2 years ago)
Affected	< 2.0.20	CVE-2019-10212	MAVEN:GHSA-8VH8-VC28-M2HF	Potential to access user credentials from the log files when debug logging enabled	critical	2019-11-20T01:33:54 (4 years ago)
Fixed	= 2.0.20	CVE-2019-10212	MAVEN:GHSA-8VH8-VC28-M2HF	Potential to access user credentials from the log files when debug logging enabled	critical	2019-11-20T01:33:54 (4 years ago)
Affected	< 2.3.14.Final	CVE-2024-6162	MAVEN:GHSA-9442-GM4V-R222	Undertow's url-encoded request path information can be broken on ajp-listener	high	2024-06-20T15:31:19 (2 months ago)
Fixed	= 2.3.14.Final	CVE-2024-6162	MAVEN:GHSA-9442-GM4V-R222	Undertow's url-encoded request path information can be broken on ajp-listener	high	2024-06-20T15:31:19 (2 months ago)
Affected	= 2.3.0.Alpha1 < 2.2.19.Final	CVE-2022-2053	MAVEN:GHSA-95RF-557X-44G5	Undertow vulnerable to Dos via Large AJP request	high	2022-08-06T00:00:46 (2 years ago)
Fixed	= 2.3.0.Alpha2 = 2.2.19.Final	CVE-2022-2053	MAVEN:GHSA-95RF-557X-44G5	Undertow vulnerable to Dos via Large AJP request	high	2022-08-06T00:00:46 (2 years ago)
Affected	<= 2.3.15.Final	CVE-2024-7885	MAVEN:GHSA-9623-MQMM-5RCF	Undertow vulnerable to Race Condition	high	2024-08-21T15:30:54 (3 weeks ago)
Affected	<= 2.1.0.Final	CVE-2020-10719	MAVEN:GHSA-CCCF-7XW3-P2VR	HTTP Request Smuggling in Undertow	moderate	2021-04-30T17:28:33 (3 years ago)
Fixed	= 2.1.1.Final	CVE-2020-10719	MAVEN:GHSA-CCCF-7XW3-P2VR	HTTP Request Smuggling in Undertow	moderate	2021-04-30T17:28:33 (3 years ago)
Affected	<= 2.3.14.Final	CVE-2024-3653	MAVEN:GHSA-CH7Q-GPFF-H9HP	Undertow Missing Release of Memory after Effective Lifetime vulnerability	moderate	2024-07-09T00:31:40 (2 months ago)
Affected	<= 1.4.23.Final >= 2.0.0.Alpha1, <= 2.0.1.Final	CVE-2017-12196	MAVEN:GHSA-CP7V-VMV7-6X2Q	Incorrect Authorization in Undertow	moderate	2022-05-13T01:38:10 (2 years ago)
Fixed	= 1.4.24.Final = 2.0.2.FInal	CVE-2017-12196	MAVEN:GHSA-CP7V-VMV7-6X2Q	Incorrect Authorization in Undertow	moderate	2022-05-13T01:38:10 (2 years ago)
Affected	>= 2.2.0, < 2.2.10 < 2.0.40	CVE-2021-3690	MAVEN:GHSA-FJ7C-VG2V-CCRM	Undertow vulnerable to memory exhaustion due to buffer leak	high	2022-07-15T21:07:20 (2 years ago)
Fixed	= 2.2.10 = 2.0.40	CVE-2021-3690	MAVEN:GHSA-FJ7C-VG2V-CCRM	Undertow vulnerable to memory exhaustion due to buffer leak	high	2022-07-15T21:07:20 (2 years ago)
Affected	<= 2.1.0.Final	CVE-2020-10705	MAVEN:GHSA-G4CP-H53P-V3V8	Allocation of Resources Without Limits or Throttling in Undertow	high	2021-04-30T17:28:42 (3 years ago)
Fixed	= 2.1.1.Final	CVE-2020-10705	MAVEN:GHSA-G4CP-H53P-V3V8	Allocation of Resources Without Limits or Throttling in Undertow	high	2021-04-30T17:28:42 (3 years ago)
Affected	>= 2.0.0.Alpha1, <= 2.0.4.Final <= 1.4.24.FInal	CVE-2018-1114	MAVEN:GHSA-GJJX-GQM4-WCGM	Uncontrolled Resource Consumption in Undertow	moderate	2022-05-13T01:33:31 (2 years ago)
Fixed	= 2.0.5.Final = 1.4.25.Final	CVE-2018-1114	MAVEN:GHSA-GJJX-GQM4-WCGM	Uncontrolled Resource Consumption in Undertow	moderate	2022-05-13T01:33:31 (2 years ago)
Affected	<= 2.0.29	CVE-2020-1745	MAVEN:GHSA-GV2W-88HX-8M9R	Improper Authorization in Undertoe	high	2022-05-24T17:16:46 (2 years ago)
Fixed	= 2.0.30	CVE-2020-1745	MAVEN:GHSA-GV2W-88HX-8M9R	Improper Authorization in Undertoe	high	2022-05-24T17:16:46 (2 years ago)
Affected	>= 1.2.0.Beta1, <= 1.2.0.Beta2 >= 1.1.0.Beta1, <= 1.1.0.CR4 >= 1.0.0, < 1.0.17	CVE-2014-7816	MAVEN:GHSA-H6P6-FC4W-CQHX	Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow	moderate	2022-05-17T04:15:16 (2 years ago)
Fixed	= 1.2.0.Beta3 = 1.1.0.CR5 = 1.0.17	CVE-2014-7816	MAVEN:GHSA-H6P6-FC4W-CQHX	Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow	moderate	2022-05-17T04:15:16 (2 years ago)
Affected	< 2.0.21	CVE-2019-3888	MAVEN:GHSA-JWGX-9MMH-684W	Credential exposure through log files in Undertow	critical	2019-06-13T20:02:56 (5 years ago)
Fixed	= 2.0.21	CVE-2019-3888	MAVEN:GHSA-JWGX-9MMH-684W	Credential exposure through log files in Undertow	critical	2019-06-13T20:02:56 (5 years ago)
Affected	< 2.2.24.Final >= 2.3.0, < 2.3.5.Final	CVE-2023-1108	MAVEN:GHSA-M4MM-PG93-FV78	Undertow denial of service vulnerability	high	2023-09-14T15:31:23 (12 months ago)
Fixed	= 2.2.24.Final = 2.3.5.Final	CVE-2023-1108	MAVEN:GHSA-M4MM-PG93-FV78	Undertow denial of service vulnerability	high	2023-09-14T15:31:23 (12 months ago)
Affected	>= 1.4.0, < 1.4.17 < 1.3.31	CVE-2017-2666	MAVEN:GHSA-MCFM-H73V-635M	Undertow-core vulnerable to HTTP Request Smuggling	moderate	2018-10-19T16:55:14 (5 years ago)
Fixed	= 1.4.17 = 1.3.31	CVE-2017-2666	MAVEN:GHSA-MCFM-H73V-635M	Undertow-core vulnerable to HTTP Request Smuggling	moderate	2018-10-19T16:55:14 (5 years ago)
Affected	<= 2.0.38.Final >= 2.1.0, <= 2.2.8.Final	CVE-2021-3597	MAVEN:GHSA-MFHV-GWF8-4M88	undertow Race Condition vulnerability	moderate	2022-05-25T00:00:21 (2 years ago)
Fixed	= 2.0.39.Final = 2.2.9.Final	CVE-2021-3597	MAVEN:GHSA-MFHV-GWF8-4M88	undertow Race Condition vulnerability	moderate	2022-05-25T00:00:21 (2 years ago)
Affected	<= 2.1.0.Final	CVE-2020-10687	MAVEN:GHSA-P9W3-GWC2-CR49	HTTP Request Smuggling in Undertow	moderate	2021-04-30T17:28:52 (3 years ago)
Fixed	= 2.2.0.Final	CVE-2020-10687	MAVEN:GHSA-P9W3-GWC2-CR49	HTTP Request Smuggling in Undertow	moderate	2021-04-30T17:28:52 (3 years ago)
Affected	< 2.2.24.Final >= 2.3.0, < 2.3.5.Final	CVE-2022-4492	MAVEN:GHSA-PFCC-3G6R-8RG8	Undertow client not checking server identity presented by server certificate in https connections	critical	2023-02-23T21:30:16 (19 months ago)
Fixed	= 2.2.24.Final = 2.3.5.Final	CVE-2022-4492	MAVEN:GHSA-PFCC-3G6R-8RG8	Undertow client not checking server identity presented by server certificate in https connections	critical	2023-02-23T21:30:16 (19 months ago)
Affected	< 2.0.34 >= 2.1.0, < 2.1.6	CVE-2021-20220	MAVEN:GHSA-QJWC-V72V-FQ6R	HTTP request smuggling in Undertow	moderate	2021-06-16T17:47:52 (3 years ago)
Fixed	= 2.0.34 = 2.1.6	CVE-2021-20220	MAVEN:GHSA-QJWC-V72V-FQ6R	HTTP request smuggling in Undertow	moderate	2021-06-16T17:47:52 (3 years ago)
Affected	>= 2.1.0, <= 2.2.10.Final <= 2.0.39.Final	CVE-2021-3629	MAVEN:GHSA-RF6Q-VX79-MJXR	Undertow Uncontrolled Resource Consumption	high	2022-05-25T00:00:22 (2 years ago)
Fixed	= 2.2.11.Final = 2.0.40.Final	CVE-2021-3629	MAVEN:GHSA-RF6Q-VX79-MJXR	Undertow Uncontrolled Resource Consumption	high	2022-05-25T00:00:22 (2 years ago)
Affected	< 2.0.33 >= 2.1.0, < 2.1.5	CVE-2020-27782	MAVEN:GHSA-RHCW-WJCM-9H6G	Denial of service in Undertow	high	2022-02-09T00:54:12 (2 years ago)
Fixed	= 2.0.33 = 2.1.5	CVE-2020-27782	MAVEN:GHSA-RHCW-WJCM-9H6G	Denial of service in Undertow	high	2022-02-09T00:54:12 (2 years ago)
Affected	= 2.0.0.Alpha1 >= 1.3.0, < 1.3.31.Final >= 1.4.0, < 1.4.17.Final	CVE-2017-7559	MAVEN:GHSA-RJ76-H87P-R3WF	Undertow vulnerable to Request Smuggling	moderate	2022-05-13T01:36:16 (2 years ago)
Fixed	= 2.0.0.Alpha2 = 1.3.31.Final = 1.4.17.Final	CVE-2017-7559	MAVEN:GHSA-RJ76-H87P-R3WF	Undertow vulnerable to Request Smuggling	moderate	2022-05-13T01:36:16 (2 years ago)
Affected	>= 2.3.0.Alpha1, < 2.3.12.Final < 2.2.31.Final	CVE-2024-1459	MAVEN:GHSA-V76W-3PH8-VM66	Undertow Path Traversal vulnerability	moderate	2024-02-12T21:30:55 (7 months ago)
Fixed	= 2.3.12.Final = 2.2.31.Final	CVE-2024-1459	MAVEN:GHSA-V76W-3PH8-VM66	Undertow Path Traversal vulnerability	moderate	2024-02-12T21:30:55 (7 months ago)
Affected	<= 2.0.18.FINAL	CVE-2018-14642	MAVEN:GHSA-VF6R-MMHC-3XCM	Exposure of Sensitive Information to an Unauthorized Actor in Undertow	moderate	2022-05-13T01:12:21 (2 years ago)
Fixed	= 2.0.19.FINAL	CVE-2018-14642	MAVEN:GHSA-VF6R-MMHC-3XCM	Exposure of Sensitive Information to an Unauthorized Actor in Undertow	moderate	2022-05-13T01:12:21 (2 years ago)
Affected	< 2.0.29.Final	CVE-2019-14888	MAVEN:GHSA-VJXC-FRW4-JMH5	Undertow vulnerable to Uncontrolled Resource Consumption	high	2022-05-24T17:07:10 (2 years ago)
Fixed	= 2.0.29.Final	CVE-2019-14888	MAVEN:GHSA-VJXC-FRW4-JMH5	Undertow vulnerable to Uncontrolled Resource Consumption	high	2022-05-24T17:07:10 (2 years ago)
Affected	<= 2.3.14.Final	CVE-2024-5971	MAVEN:GHSA-XPP6-8R3J-WW43	Undertow Denial of Service vulnerability	high	2024-07-08T21:31:40 (2 months ago)