CVE-2023-1973 io.undertow:undertow-core

Package

Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: >=0 <2.2.32.final || >=2.3.0.alpha1 <2.3.13.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00536 (percentile 0.66515)

Details

Undertow Denial of Service vulnerability

A flaw was found in the Undertow package. When the FormAuthenticationMechanism is in use, a malicious user could trigger a Denial of Service by sending crafted requests that drive the server to an OutOfMemory error, exhausting the server's memory.

Metadata

Created: 2024-11-07T12:30:34Z
Modified: 2024-11-07T18:10:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-97cq-f4jm-mv8h/GHSA-97cq-f4jm-mv8h.json
CWE IDs: ["CWE-20", "CWE-400"]
Alternative ID: GHSA-97cq-f4jm-mv8h
Finding: F002
Auto approve: 1