A flaw was found in Undertow prior to 2.0.40.Final and 2.1.x prior to 2.2.10.Final . A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Description
A flaw was found in Undertow prior to 2.0.40.Final and 2.1.x prior to 2.2.10.Final . A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Vulnerability ID: CVE-2021-3690
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2022-08-23T17:35:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.3.16.SP1-redhat-00001
Link To SCA
Reference – NVD link