CVE-2020-10719 – io.undertow:undertow-core

Package

Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <2.1.1.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00167 pctl0.38293

Details

HTTP Request Smuggling in Undertow A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Metadata

Created: 2021-04-30T17:28:33Z
Modified: 2022-02-11T21:12:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-cccf-7xw3-p2vr/GHSA-cccf-7xw3-p2vr.json
CWE IDs: ["CWE-444"]
Alternative ID: GHSA-cccf-7xw3-p2vr
Finding: F110
Auto approve: 1