CVE-2018-1114 – io.undertow:undertow-core

Package

Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <1.4.25.final || >=2.0.0.alpha1 <2.0.5.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00684 pctl0.70768

Details

Uncontrolled Resource Consumption in Undertow It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

Metadata

Created: 2022-05-13T01:33:31Z
Modified: 2022-06-29T23:28:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gjjx-gqm4-wcgm/GHSA-gjjx-gqm4-wcgm.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-gjjx-gqm4-wcgm
Finding: F067
Auto approve: 1