CVE-2021-3859 – io.undertow:undertow-core
Package
Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <2.2.15
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00903 (percentile: 0.74831)
Details
Undertow vulnerable to Denial of Service (DoS) attacks

An Undertow client-side invocation timeout is raised when calling over HTTP2. This vulnerability can allow an attacker to carry out denial of service (DoS) attacks in versions less than 2.2.15 Final.
Metadata
Created: 2022-07-15T21:32:13Z
Modified: 2022-09-08T14:24:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-339q-62wm-c39w/GHSA-339q-62wm-c39w.json
CWE IDs: ["CWE-214", "CWE-400", "CWE-668"]
Alternative ID: GHSA-339q-62wm-c39w
Finding: F002
Auto approve: 1