CX: CVE-2023-1973 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab-1.refs/heads/master

github-actions[bot] commented 1 month ago

Description

A flaw was found in Undertow package. Using the "FormAuthenticationMechanism", a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an "OutofMemory" error, exhausting the server's memory. This issue affects packages undertow-servlet and undertow-core in versions prior to 2.2.32.Final, and 2.3.x prior to 2.3.13.Final.

HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master

Vulnerability ID: CVE-2023-1973

Package Name: io.undertow:undertow-core

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2024-04-05T09:44:00

Current Package Version: 2.0.9.Final

Remediation Upgrade Recommendation: 2.2.36.Final

Link To SCA

Reference – NVD link

github-actions[bot] commented 4 days ago

Issue still exists.

github-actions[bot] commented 4 days ago

Issue still exists.

SamHeadrickCx / JavaVulnerableLab-1

CX: CVE-2023-1973 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab-1.refs/heads/master #57