CX: CVE-2019-3888 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master

CxMichaelF / JavaVulnerableLab

lab

GNU General Public License v2.0

0 stars 1 forks source link

CX: CVE-2019-3888 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master #35

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

Description

A vulnerability was found in Undertow web server up to 1.0.0.Alpha19, between 1.3.0.Beta9 to 1.3.0.Beta13, 1.3.0.CR.x, between 1.3.0.Final to 1.4.27.Final and 2.0.x before 2.0.20.Final. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master

Vulnerability ID: CVE-2019-3888

Package Name: io.undertow:undertow-core

Severity: HIGH

CVSS Score: 9.8

Publish Date: 2019-06-12T14:29:00

Current Package Version: 2.0.9.Final

Remediation Upgrade Recommendation: 2.0.35.Final

Link To SCA

Reference – NVD link

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 3 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.

github-actions[bot] commented 2 years ago

Issue still exists.