CVE-2024-4109 – io.undertow:undertow-core

Package

Manager: maven
Name: io.undertow:undertow-core
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse # Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. # Original Description A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests.

Metadata

Created: 2024-12-12T09:31:36Z
Modified: 2025-01-16T23:09:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/12/GHSA-22c5-cpvr-cfvq/GHSA-22c5-cpvr-cfvq.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-22c5-cpvr-cfvq
Finding: N/A
Auto approve: 0