Description
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
MEDIUM Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Vulnerability ID: CVE-2020-10687
Package Name: io.undertow:undertow-core
Severity: MEDIUM
CVSS Score: 6.5
Publish Date: 2020-09-23T13:15:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.0.33.Final
Link To SCA
Reference – NVD link
Description
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.
MEDIUM Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Vulnerability ID: CVE-2020-10687
Package Name: io.undertow:undertow-core
Severity: MEDIUM
CVSS Score: 6.5
Publish Date: 2020-09-23T13:15:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.0.33.Final
Link To SCA
Reference – NVD link