A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow before 2.2.4.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Description
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow before 2.2.4.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Vulnerability ID: CVE-2020-27782
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2021-02-23T19:15:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.2.26.Final
Link To SCA
Reference – NVD link