A flaw was found in Undertow versions prior to 2.2.15.Final, that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Description
A flaw was found in Undertow versions prior to 2.2.15.Final, that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch master
Vulnerability ID: CVE-2021-3859
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2022-08-25T23:09:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.2.26.Final
Link To SCA
Reference – NVD link