CVE-2020-10719

MEDIUM6.5EPSS 0.17%

HTTP Request Smuggling in Undertow

Published: 4/30/2021Modified: 4/28/2026

Also known as:DEBIAN-CVE-2020-10719

Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Affected packages (2)

Debian/undertowfrom 0, < 2.1.1-1
Maven/io.undertow:undertow-corefrom 0, < 2.1.1.Final

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-10719
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-10719
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719
WEBhttps://security.netapp.com/advisory/ntap-20220210-0014