GHSA-97cq-f4jm-mv8h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-97cq-f4jm-mv8h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-97cq-f4jm-mv8h/GHSA-97cq-f4jm-mv8h.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-97cq-f4jm-mv8h
- Aliases
- Published
- 2024-11-07T12:30:34Z
- Modified
- 2024-11-07T18:29:24.302111Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 6.6 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Undertow Denial of Service vulnerability
- Details
-
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
- Database specific
{ "cwe_ids": [ "CWE-20", "CWE-400" ], "github_reviewed": true, "nvd_published_at": "2024-11-07T10:15:05Z", "github_reviewed_at": "2024-11-07T18:10:18Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-1973
- https://github.com/undertow-io/undertow/commit/0410f3c4d9b39b754a2203a29834cac51da11258
- https://github.com/undertow-io/undertow/commit/b289b18bc0ba40c134698a430c70ca1835c51d78
- https://access.redhat.com/errata/RHSA-2024:1674
- https://access.redhat.com/errata/RHSA-2024:1675
- https://access.redhat.com/errata/RHSA-2024:1676
- https://access.redhat.com/errata/RHSA-2024:1677
- https://access.redhat.com/errata/RHSA-2024:2763
- https://access.redhat.com/errata/RHSA-2024:2764
- https://access.redhat.com/security/cve/CVE-2023-1973
- https://bugzilla.redhat.com/show_bug.cgi?id=2185662
- https://github.com/undertow-io/undertow
Affected packages
Maven / io.undertow:undertow-core
Package
- Name
- io.undertow:undertow-core
- View open source insights on deps.dev
- Purl
- pkg:maven/io.undertow/undertow-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.32.Final
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Alpha5
1.0.0.Alpha6
1.0.0.Alpha7
1.0.0.Alpha8
1.0.0.Alpha9
1.0.0.Alpha10
1.0.0.Alpha11
1.0.0.Alpha12
1.0.0.Alpha13
1.0.0.Alpha14
1.0.0.Alpha15
1.0.0.Alpha16
1.0.0.Alpha17
1.0.0.Alpha18
1.0.0.Alpha19
1.0.0.Alpha20
1.0.0.Alpha21
1.0.0.Alpha22
1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.Beta4
1.0.0.Beta5
1.0.0.Beta6
1.0.0.Beta7
1.0.0.Beta8
1.0.0.Beta9
1.0.0.Beta10
1.0.0.Beta11
1.0.0.Beta12
1.0.0.Beta13
1.0.0.Beta14
1.0.0.Beta15
1.0.0.Beta16
1.0.0.Beta17
1.0.0.Beta18
1.0.0.Beta19
1.0.0.Beta20
1.0.0.Beta21
1.0.0.Beta22
1.0.0.Beta23
1.0.0.Beta24
1.0.0.Beta25
1.0.0.Beta26
1.0.0.Beta27
1.0.0.Beta28
1.0.0.Beta29
1.0.0.Beta30
1.0.0.Beta31
1.0.0.Beta32
1.0.0.Beta33
1.0.0.CR1
1.0.0.CR2
1.0.0.CR3
1.0.0.CR4
1.0.0.CR5
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.0.4.Final
1.0.5.Final
1.0.6.Final
1.0.7.Final
1.0.8.Final
1.0.9.Final
1.0.10.Final
1.0.11.Final
1.0.12.Final
1.0.13.Final
1.0.14.Final
1.0.15.Final
1.0.16.Final
1.0.17.Final
1.0.18.Final
1.0.19.Final
1.1.0.Beta1
1.1.0.Beta2
1.1.0.Beta3
1.1.0.Beta4
1.1.0.Beta5
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.1.0.CR1
1.1.0.CR2
1.1.0.CR3
1.1.0.CR4
1.1.0.CR5
1.1.0.CR6
1.1.0.CR7
1.1.0.CR8
1.1.0.Final
1.1.1.Final
1.1.2.Final
1.1.3.Final
1.1.4.Final
1.1.5.Final
1.1.6.Final
1.1.7.Final
1.1.8.Final
1.1.9.Final
1.2.0.Beta1
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.Beta10
1.2.0.CR1
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.2.5.Final
1.2.6.Final
1.2.7.Final
1.2.8.Final
1.2.9.Final
1.2.10.Final
1.2.11.Final
1.2.12.Final
1.3.0.Beta1
1.3.0.Beta2
1.3.0.Beta3
1.3.0.Beta4
1.3.0.Beta5
1.3.0.Beta6
1.3.0.Beta7
1.3.0.Beta8
1.3.0.Beta9
1.3.0.Beta10
1.3.0.Beta11
1.3.0.Beta12
1.3.0.Beta13
1.3.0.CR1
1.3.0.CR2
1.3.0.CR3
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
1.3.4.Final
1.3.5.Final
1.3.6.Final
1.3.7.Final
1.3.8.Final
1.3.9.Final
1.3.10.Final
1.3.11.Final
1.3.12.Final
1.3.13.Final
1.3.14.Final
1.3.15.Final
1.3.16.Final
1.3.17.Final
1.3.18.Final
1.3.19.Final
1.3.20.Final
1.3.21.Final
1.3.22.Final
1.3.23.Final
1.3.24.Final
1.3.25.Final
1.3.26.Final
1.3.27.Final
1.3.28.Final
1.3.29.Final
1.3.30.Final
1.3.31.Final
1.3.32.Final
1.3.33.Final
1.4.0.Beta1
1.4.0.CR1
1.4.0.CR2
1.4.0.CR3
1.4.0.CR4
1.4.0.Final
1.4.1.Final
1.4.2.Final
1.4.3.Final
1.4.4.Final
1.4.5.Final
1.4.6.Final
1.4.7.Final
1.4.8.Final
1.4.9.Final
1.4.10.Final
1.4.11.Final
1.4.12.Final
1.4.13.Final
1.4.14.Final
1.4.15.Final
1.4.16.Final
1.4.17.Final
1.4.18.Final
1.4.19.Final
1.4.20.Final
1.4.21.Final
1.4.22.Final
1.4.23.Final
1.4.24.Final
1.4.25.Final
1.4.26.Final
1.4.27.Final
1.4.28.Final
2.*
2.0.0.Alpha1
2.0.0.Beta1
2.0.0.Final
2.0.1.Final
2.0.2.Final
2.0.3.Final
2.0.4.Final
2.0.5.Final
2.0.6.Final
2.0.7.Final
2.0.8.Final
2.0.9.Final
2.0.10.Final
2.0.11.Final
2.0.12.Final
2.0.13.Final
2.0.14.Final
2.0.15.Final
2.0.16.Final
2.0.17.Final
2.0.18.Final
2.0.19.Final
2.0.20.Final
2.0.21.Final
2.0.22.Final
2.0.23.Final
2.0.24.Final
2.0.25.Final
2.0.26.Final
2.0.27.Final
2.0.28.Final
2.0.29.Final
2.0.30.Final
2.0.31.Final
2.0.32.Final
2.0.33.Final
2.0.34.Final
2.0.35.Final
2.0.36.Final
2.0.37.Final
2.0.38.Final
2.0.39.Final
2.0.40.Final
2.0.41.Final
2.0.42.Final
2.1.0.Final
2.1.1.Final
2.1.2.Final
2.1.3.Final
2.1.4.Final
2.1.5.Final
2.1.6.Final
2.1.7.Final
2.1.8.Final
2.2.0.Final
2.2.1.Final
2.2.2.Final
2.2.3.Final
2.2.4.Final
2.2.5.Final
2.2.6.Final
2.2.7.Final
2.2.8.Final
2.2.9.Final
2.2.10.Final
2.2.11.Final
2.2.12.Final
2.2.13.Final
2.2.14.Final
2.2.15.Final
2.2.16.Final
2.2.17.Final
2.2.18.Final
2.2.19.Final
2.2.20.Final
2.2.21.Final
2.2.22.Final
2.2.23.Final
2.2.24.Final
2.2.25.Final
2.2.26.Final
2.2.27.Final
2.2.28.Final
2.2.29.Final
2.2.30.Final
2.2.31.Final
Maven / io.undertow:undertow-core
Package
- Name
- io.undertow:undertow-core
- View open source insights on deps.dev
- Purl
- pkg:maven/io.undertow/undertow-core