Description
A flaw was found in Undertow versions prior to 2.2.15.Final that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Vulnerability ID: CVE-2021-3859
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2022-08-25T23:09:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.2.36.Final
Link To SCA
Reference – NVD link