Open github-actions[bot] opened 3 years ago
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Issue still exists.
Description
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow before 2.2.4.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Vulnerability ID: CVE-2020-27782
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2021-02-23T19:15:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.0.35.Final
Link To SCA
Reference – NVD link