A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
{ "github_reviewed_at": "2019-06-13T20:02:23Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-532" ], "github_reviewed": true, "nvd_published_at": "2019-06-12T14:29:00Z" }