Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

HTTP Request Smuggling in Undertow

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Permalink: https://github.com/advisories/GHSA-cccf-7xw3-p2vr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjY2YtN3h3My1wMnZy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-cccf-7xw3-p2vr, CVE-2020-10719
References:
Blast Radius: 24.2

Affected Packages

maven:io.undertow:undertow-core
Dependent packages: 912
Dependent repositories: 5,259
Downloads:
Affected Version Ranges: <= 2.1.0.Final
Fixed in: 2.1.1.Final
All affected versions:
All unaffected versions: