CVE-2023-3223 – io.undertow:undertow-parent

Package

Manager: maven
Name: io.undertow:undertow-parent
Vulnerable Version: >=0 <2.2.24.final

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00767 pctl0.72554

Details

Undertow vulnerable to denial of service A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.

Metadata

Created: 2023-09-27T15:30:35Z
Modified: 2024-05-03T20:27:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-65h2-wf7m-q2v8/GHSA-65h2-wf7m-q2v8.json
CWE IDs: ["CWE-400", "CWE-789"]
Alternative ID: GHSA-65h2-wf7m-q2v8
Finding: F002
Auto approve: 1