[GHSA-9442-gm4v-r222] Undertow's url-encoded request path information can be broken on ajp-listener

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Creative Commons Attribution 4.0 International

1.75k stars 336 forks source link

[GHSA-9442-gm4v-r222] Undertow's url-encoded request path information can be broken on ajp-listener #4913

Closed fawind closed 1 month ago

fawind commented 1 month ago

Updates

Affected products
CVSS v3
References

Comments The fix for CVE-2024-6162 also got backported on the 2.2.x branch to version 2.2.33.Final and higher.

For reference, see:

https://issues.redhat.com/browse/UNDERTOW-2334
https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf
https://github.com/undertow-io/undertow/pull/1612

advisory-database[bot] commented 1 month ago

Hi @fawind! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!