CVE-2021-3690 – io.undertow:undertow-core
Package
Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <2.0.40 || >=2.2.0 <2.2.10
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00357 pctl0.57264
Details
Undertow vulnerable to memory exhaustion due to buffer leak
Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.
Metadata
Created: 2022-07-15T21:07:20Z
Modified: 2022-09-08T14:21:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-fj7c-vg2v-ccrm/GHSA-fj7c-vg2v-ccrm.json
CWE IDs: ["CWE-400", "CWE-401"]
Alternative ID: GHSA-fj7c-vg2v-ccrm
Finding: F067
Auto approve: 1