Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjY2YtN3h3My1wMnZy
HTTP Request Smuggling in Undertow
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
Permalink: https://github.com/advisories/GHSA-cccf-7xw3-p2vr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjY2YtN3h3My1wMnZy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-cccf-7xw3-p2vr, CVE-2020-10719
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10719
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
- https://security.netapp.com/advisory/ntap-20220210-0014/
- https://github.com/advisories/GHSA-cccf-7xw3-p2vr
Affected Packages
maven:io.undertow:undertow-core
Dependent packages: 912
Dependent repositories: 5,259
Downloads:
Affected Version Ranges: <= 2.1.0.Final
Fixed in: 2.1.1.Final
All affected versions:
All unaffected versions: