CVE-2018-14642 – io.undertow:undertow-core

Package

Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <2.0.19.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00746 pctl0.7217

Details

Exposure of Sensitive Information to an Unauthorized Actor in Undertow An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Metadata

Created: 2022-05-13T01:12:21Z
Modified: 2022-06-29T19:11:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vf6r-mmhc-3xcm/GHSA-vf6r-mmhc-3xcm.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-vf6r-mmhc-3xcm
Finding: F017
Auto approve: 1