Package impact

Maven / io.undertow:undertow-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2014-7816	medium	—	6.0				12y ago	Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
CVE-2016-7046	medium	5.9	5.9				10y ago	Undertow Uncaught Exception vulnerability
CVE-2026-3260	unknown	—	—				2mo ago	Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
CVE-2024-4027	unknown	—	—				4mo ago	Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
CVE-2025-12543	unknown	—	—				5mo ago	Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests
CVE-2024-3884	unknown	—	—				6mo ago	Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
CVE-2025-9784	unknown	—	—				9mo ago	Undertow MadeYouReset HTTP/2 DDoS Vulnerability
CVE-2023-4639	unknown	—	—				2y ago	Undertow incorrectly parses cookies
CVE-2023-1973	unknown	—	—				2y ago	Undertow Denial of Service vulnerability
CVE-2024-7885	unknown	—	—				2y ago	Undertow vulnerable to Race Condition
CVE-2024-3653	unknown	—	—				2y ago	Undertow Missing Release of Memory after Effective Lifetime vulnerability
CVE-2024-5971	unknown	—	—				2y ago	Undertow Denial of Service vulnerability
CVE-2024-6162	unknown	—	—				2y ago	Undertow's url-encoded request path information can be broken on ajp-listener
CVE-2024-1635	unknown	—	—				2y ago	Undertow Uncontrolled Resource Consumption Vulnerability
CVE-2024-1459	unknown	—	—				2y ago	Undertow Path Traversal vulnerability
CVE-2023-1108	unknown	—	—				3y ago	Undertow denial of service vulnerability
CVE-2022-4492	unknown	—	—				3y ago	Undertow client not checking server identity presented by server certificate in https connections
CVE-2022-2053	unknown	—	—				4y ago	Undertow vulnerable to Dos via Large AJP request
CVE-2021-3859	unknown	—	—				4y ago	Undertow vulnerable to Denial of Service (DoS) attacks
CVE-2021-3690	unknown	—	—				4y ago	Undertow vulnerable to memory exhaustion due to buffer leak
CVE-2021-3629	unknown	—	—				4y ago	Undertow Uncontrolled Resource Consumption
CVE-2021-3597	unknown	—	—				4y ago	undertow Race Condition vulnerability
CVE-2020-1745	unknown	—	—				4y ago	Improper Authorization in Undertoe
CVE-2020-1757	unknown	—	—				4y ago	Improper Input Validation in Undertow
CVE-2019-14888	unknown	—	—				4y ago	Undertow vulnerable to Uncontrolled Resource Consumption
CVE-2017-12165	unknown	—	—				4y ago	Undertow Request Smuggling vulnerability
CVE-2017-12196	unknown	—	—				4y ago	Incorrect Authorization in Undertow
CVE-2017-7559	unknown	—	—				4y ago	Undertow vulnerable to Request Smuggling
CVE-2018-1114	unknown	—	—				4y ago	Uncontrolled Resource Consumption in Undertow
CVE-2018-14642	unknown	—	—				4y ago	Exposure of Sensitive Information to an Unauthorized Actor in Undertow
CVE-2020-27782	unknown	—	—				4y ago	Denial of service in Undertow
CVE-2021-20220	unknown	—	—				5y ago	HTTP request smuggling in Undertow
CVE-2020-10687	unknown	—	—				5y ago	HTTP Request Smuggling in Undertow
CVE-2020-10705	unknown	—	—				5y ago	Allocation of Resources Without Limits or Throttling in Undertow
CVE-2020-10719	unknown	—	—				5y ago	HTTP Request Smuggling in Undertow
CVE-2019-10212	unknown	—	—				7y ago	Potential to access user credentials from the log files when debug logging enabled
CVE-2019-3888	unknown	—	—				7y ago	Credential exposure through log files in Undertow
CVE-2017-2666	unknown	—	—				8y ago	Undertow-core vulnerable to HTTP Request Smuggling
CVE-2017-2670	unknown	—	—				8y ago	Moderate severity vulnerability that affects io.undertow:undertow-core