CX: CVE-2020-10687 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master

CxMichaelF / JavaVulnerableLab

lab

GNU General Public License v2.0

0 stars 1 forks source link

CX: CVE-2020-10687 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master #22

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

Description

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.

MEDIUM Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master

Vulnerability ID: CVE-2020-10687

Package Name: io.undertow:undertow-core

Severity: MEDIUM

CVSS Score: 6.5

Publish Date: 2020-09-23T13:15:00

Current Package Version: 2.0.9.Final

Remediation Upgrade Recommendation: 2.0.35.Final

Link To SCA

Reference – NVD link

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.