GHSA-rf6q-vx79-mjxr

Source

https://github.com/advisories/GHSA-rf6q-vx79-mjxr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rf6q-vx79-mjxr/GHSA-rf6q-vx79-mjxr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rf6q-vx79-mjxr

Aliases

CVE-2021-3629

Published

2022-05-25T00:00:22Z

Modified

2024-02-17T05:33:49.987547Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Undertow Uncontrolled Resource Consumption

Details

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

Database specific

{
    "nvd_published_at": "2022-05-24T19:15:00Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-25T22:41:25Z"
}

References

Affected packages

Maven / io.undertow:undertow-core

Package

Name: io.undertow:undertow-core; View open source insights on deps.dev
Purl: pkg:maven/io.undertow/undertow-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.40.Final

Affected versions

1.*

1.0.0.Alpha1

1.0.0.Alpha2

1.0.0.Alpha3

1.0.0.Alpha4

1.0.0.Alpha5

1.0.0.Alpha6

1.0.0.Alpha7

1.0.0.Alpha8

1.0.0.Alpha9

1.0.0.Alpha10

1.0.0.Alpha11

1.0.0.Alpha12

1.0.0.Alpha13

1.0.0.Alpha14

1.0.0.Alpha15

1.0.0.Alpha16

1.0.0.Alpha17

1.0.0.Alpha18

1.0.0.Alpha19

1.0.0.Alpha20

1.0.0.Alpha21

1.0.0.Alpha22

1.0.0.Beta1

1.0.0.Beta2

1.0.0.Beta3

1.0.0.Beta4

1.0.0.Beta5

1.0.0.Beta6

1.0.0.Beta7

1.0.0.Beta8

1.0.0.Beta9

1.0.0.Beta10

1.0.0.Beta11

1.0.0.Beta12

1.0.0.Beta13

1.0.0.Beta14

1.0.0.Beta15

1.0.0.Beta16

1.0.0.Beta17

1.0.0.Beta18

1.0.0.Beta19

1.0.0.Beta20

1.0.0.Beta21

1.0.0.Beta22

1.0.0.Beta23

1.0.0.Beta24

1.0.0.Beta25

1.0.0.Beta26

1.0.0.Beta27

1.0.0.Beta28

1.0.0.Beta29

1.0.0.Beta30

1.0.0.Beta31

1.0.0.Beta32

1.0.0.Beta33

1.0.0.CR1

1.0.0.CR2

1.0.0.CR3

1.0.0.CR4

1.0.0.CR5

1.0.0.Final

1.0.1.Final

1.0.2.Final

1.0.3.Final

1.0.4.Final

1.0.5.Final

1.0.6.Final

1.0.7.Final

1.0.8.Final

1.0.9.Final

1.0.10.Final

1.0.11.Final

1.0.12.Final

1.0.13.Final

1.0.14.Final

1.0.15.Final

1.0.16.Final

1.0.17.Final

1.0.18.Final

1.0.19.Final

1.1.0.Beta1

1.1.0.Beta2

1.1.0.Beta3

1.1.0.Beta4

1.1.0.Beta5

1.1.0.Beta6

1.1.0.Beta7

1.1.0.Beta8

1.1.0.CR1

1.1.0.CR2

1.1.0.CR3

1.1.0.CR4

1.1.0.CR5

1.1.0.CR6

1.1.0.CR7

1.1.0.CR8

1.1.0.Final

1.1.1.Final

1.1.2.Final

1.1.3.Final

1.1.4.Final

1.1.5.Final

1.1.6.Final

1.1.7.Final

1.1.8.Final

1.1.9.Final

1.2.0.Beta1

1.2.0.Beta2

1.2.0.Beta3

1.2.0.Beta4

1.2.0.Beta5

1.2.0.Beta6

1.2.0.Beta7

1.2.0.Beta8

1.2.0.Beta9

1.2.0.Beta10

1.2.0.CR1

1.2.0.Final

1.2.1.Final

1.2.2.Final

1.2.3.Final

1.2.4.Final

1.2.5.Final

1.2.6.Final

1.2.7.Final

1.2.8.Final

1.2.9.Final

1.2.10.Final

1.2.11.Final

1.2.12.Final

1.3.0.Beta1

1.3.0.Beta2

1.3.0.Beta3

1.3.0.Beta4

1.3.0.Beta5

1.3.0.Beta6

1.3.0.Beta7

1.3.0.Beta8

1.3.0.Beta9

1.3.0.Beta10

1.3.0.Beta11

1.3.0.Beta12

1.3.0.Beta13

1.3.0.CR1

1.3.0.CR2

1.3.0.CR3

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.3.4.Final

1.3.5.Final

1.3.6.Final

1.3.7.Final

1.3.8.Final

1.3.9.Final

1.3.10.Final

1.3.11.Final

1.3.12.Final

1.3.13.Final

1.3.14.Final

1.3.15.Final

1.3.16.Final

1.3.17.Final

1.3.18.Final

1.3.19.Final

1.3.20.Final

1.3.21.Final

1.3.22.Final

1.3.23.Final

1.3.24.Final

1.3.25.Final

1.3.26.Final

1.3.27.Final

1.3.28.Final

1.3.29.Final

1.3.30.Final

1.3.31.Final

1.3.32.Final

1.3.33.Final

1.4.0.Beta1

1.4.0.CR1

1.4.0.CR2

1.4.0.CR3

1.4.0.CR4

1.4.0.Final

1.4.1.Final

1.4.2.Final

1.4.3.Final

1.4.4.Final

1.4.5.Final

1.4.6.Final

1.4.7.Final

1.4.8.Final

1.4.9.Final

1.4.10.Final

1.4.11.Final

1.4.12.Final

1.4.13.Final

1.4.14.Final

1.4.15.Final

1.4.16.Final

1.4.17.Final

1.4.18.Final

1.4.19.Final

1.4.20.Final

1.4.21.Final

1.4.22.Final

1.4.23.Final

1.4.24.Final

1.4.25.Final

1.4.26.Final

1.4.27.Final

1.4.28.Final

2.*

2.0.0.Alpha1

2.0.0.Beta1

2.0.0.Final

2.0.1.Final

2.0.2.Final

2.0.3.Final

2.0.4.Final

2.0.5.Final

2.0.6.Final

2.0.7.Final

2.0.8.Final

2.0.9.Final

2.0.10.Final

2.0.11.Final

2.0.12.Final

2.0.13.Final

2.0.14.Final

2.0.15.Final

2.0.16.Final

2.0.17.Final

2.0.18.Final

2.0.19.Final

2.0.20.Final

2.0.21.Final

2.0.22.Final

2.0.23.Final

2.0.24.Final

2.0.25.Final

2.0.26.Final

2.0.27.Final

2.0.28.Final

2.0.29.Final

2.0.30.Final

2.0.31.Final

2.0.32.Final

2.0.33.Final

2.0.34.Final

2.0.35.Final

2.0.36.Final

2.0.37.Final

2.0.38.Final

2.0.39.Final

Database specific

{
    "last_known_affected_version_range": "<= 2.0.39.Final"
}

Maven / io.undertow:undertow-core

Package

Name: io.undertow:undertow-core; View open source insights on deps.dev
Purl: pkg:maven/io.undertow/undertow-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.2.11.Final

Affected versions

2.*

2.1.0.Final

2.1.1.Final

2.1.2.Final

2.1.3.Final

2.1.4.Final

2.1.5.Final

2.1.6.Final

2.1.7.Final

2.1.8.Final

2.2.0.Final

2.2.1.Final

2.2.2.Final

2.2.3.Final

2.2.4.Final

2.2.5.Final

2.2.6.Final

2.2.7.Final

2.2.8.Final

2.2.9.Final

2.2.10.Final

Database specific

{
    "last_known_affected_version_range": "<= 2.2.10.Final"
}