CX: CVE-2021-3859 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.master

**Description**

A flaw was found in Undertow versions prior to 2.2.15.Final, that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.



**HIGH Vulnerable Package** issue exists @ **io.undertow:undertow-core** in branch **master**

**Vulnerability ID:** CVE-2021-3859

**Package Name:** io.undertow:undertow-core

**Severity:** HIGH

**CVSS Score:** 7.5

**Publish Date:** 2022-08-25T23:09:00

**Current Package Version:** 2.0.9.Final

**Remediation Upgrade Recommendation:** 2.2.26.Final

[Link To SCA](https://sca.checkmarx.net/#/projects/d4f2d825-1fb5-49e7-ad6d-fd24d7e6ccd2/reports/d31d893a-9da4-4a3f-9aae-98b4bed0f922/vulnerabilities/CVE-2021-3859%3AMaven-io.undertow%3Aundertow-core-2.0.9.Final/vulnerabilityDetailsGql)

[Reference – NVD link](https://nvd.nist.gov/vuln/detail/CVE-2021-3859)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX: CVE-2021-3859 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.master #176

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX: CVE-2021-3859 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.master #176

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions