[MAVEN:GHSA-G4CP-H53P-V3V8] Allocation of Resources Without Limits or Throttling in Undertow

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 1

A flaw was discovered in Undertow versions before 2.1.1.Final where certain requests carrying the "Expect: 100-continue" header may cause an out-of-memory error. This flaw may lead to a denial of service.

Package Affected Version
pkg:maven/io.undertow/undertow-core <= 2.1.0.Final
Package Fixed Version
pkg:maven/io.undertow/undertow-core = 2.1.1.Final
ID: MAVEN:GHSA-G4CP-H53P-V3V8
Severity: high
URL: https://github.com/advisories/GHSA-g4cp-h53p-v3v8
Published: 2021-04-30T17:28:42
Modified: 2023-02-01T05:05:29
Rights: Maven Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/io.undertow/undertow-core io.undertow undertow-core <= 2.1.0.Final
Fixed pkg:maven/io.undertow/undertow-core io.undertow undertow-core = 2.1.1.Final