CVE-2021-3629 (Medium) detected in undertow-core-2.0.15.Final.jar #395
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-3629 - Medium Severity Vulnerability
Undertow
Path to dependency file: /t/sub1/pom.xml
Path to vulnerable library: /2/repository/io/undertow/undertow-core/2.0.15.Final/undertow-core-2.0.15.Final.jar
Dependency Hierarchy:
Found in HEAD commit: 37c7d89138d443bae9926a0184046f8d8c7dda51
Found in base branch: master
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
Publish Date: 2022-05-24
URL: CVE-2021-3629
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2021-3629
Release Date: 2022-05-24
Fix Resolution: io.undertow:undertow-core:2.0.40.Final,2.2.11.Final;io.undertow:undertow-benchmarks:2.0.40.Final,2.2.11.Final;io.undertow:undertow-examples:2.0.40.Final,2.2.11.Final
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: