Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tZmh2LWd3ZjgtNG04OM4AArL_
undertow Race Condition vulnerability
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
Permalink: https://github.com/advisories/GHSA-mfhv-gwf8-4m88
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tZmh2LWd3ZjgtNG04OM4AArL_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-mfhv-gwf8-4m88, CVE-2021-3597
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3597
- https://bugzilla.redhat.com/show_bug.cgi?id=1970930
- https://security.netapp.com/advisory/ntap-20220804-0003/
- https://github.com/advisories/GHSA-mfhv-gwf8-4m88
Affected Packages
maven:io.undertow:undertow-core
Dependent packages: 912
Dependent repositories: 5,259
Downloads:
Affected Version Ranges: <= 2.0.38.Final, >= 2.1.0, <= 2.2.8.Final
Fixed in: 2.0.39.Final, 2.2.9.Final
All affected versions: 2.0.3-0.Final, 2.0.3-1.Final, 2.0.3-2.Final, 2.0.3-3.Final, 2.0.3-4.Final, 2.0.3-5.Final, 2.0.3-6.Final, 2.0.3-7.Final, 2.0.3-8.Final
All unaffected versions: