CX: CVE-2023-1108 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab-1.refs/heads/master

github-actions[bot] commented 1 month ago

Description

A flaw was found in undertow in versions prior to 2.2.24.Final, and 2.3.x prior to 2.3.5.Final. This issue makes achieving a Denial-of-Service (DoS) possible due to an unexpected handshake status updated in "SslConduit", where the loop never terminates.

HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master

Vulnerability ID: CVE-2023-1108

Package Name: io.undertow:undertow-core

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2023-09-14T15:15:00

Current Package Version: 2.0.9.Final

Remediation Upgrade Recommendation: 2.2.36.Final

Link To SCA

Reference – NVD link

github-actions[bot] commented 4 days ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.

SamHeadrickCx / JavaVulnerableLab-1

CX: CVE-2023-1108 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab-1.refs/heads/master #53