pkg:Maven/io.undertow:undertow-core

39 total CVEs: CRITICAL 4, HIGH 21, MEDIUM 13

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-4492 Undertow client not checking server identity presented by server certificate in https connections
    >= 2.3.0, < 2.3.5.Final
  • CRITICAL 9.8 CVE-2019-10212 Potential to access user credentials from the log files when debug logging enabled
    from 0, < 2.0.20
  • CRITICAL 9.8 CVE-2019-3888 Credential exposure through log files in Undertow
    from 0, < 2.0.21
  • CRITICAL 9.6 CVE-2025-12543 Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests
  • HIGH 8.6 CVE-2020-1745 Improper Authorization in Undertow
    from 0, < 2.0.30
  • HIGH 8.1 CVE-2020-1757 Improper Input Validation in Undertow
    from 0, < 2.1.0
  • HIGH 7.5 CVE-2024-4027 Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names
    from 0, < 2.2.39.Final
  • HIGH 7.5 CVE-2024-3884 Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
    from 0, < 2.2.39.Final
  • HIGH 7.5 CVE-2025-9784 Undertow MadeYouReset HTTP/2 DDoS Vulnerability
    from 0, < 2.2.38.Final
  • HIGH 7.5 CVE-2023-1973 Undertow Denial of Service vulnerability
    from 0, < 2.2.32.Final
  • HIGH 7.5 CVE-2024-7885 Undertow vulnerable to Race Condition
    from 0, < 2.2.36.Final
  • HIGH 7.5 CVE-2024-5971 Undertow Denial of Service vulnerability
    >= 2.3.0.Alpha1, < 2.3.15.Final
  • HIGH 7.5 CVE-2024-6162 Undertow's url-encoded request path information can be broken on ajp-listener
    >= 2.3.0.Alpha1, < 2.3.14.Final
  • HIGH 7.5 CVE-2024-1635 Undertow Uncontrolled Resource Consumption Vulnerability
    >= 2.3.0.Final, < 2.3.12.Final
  • HIGH 7.5 CVE-2023-1108 Undertow denial of service vulnerability
    >= 2.3.0, < 2.3.5.Final
  • HIGH 7.5 CVE-2022-2053 Undertow vulnerable to DoS via Large AJP request
    from 0, < 2.2.19.Final
  • HIGH 7.5 CVE-2021-3859 Undertow vulnerable to Denial of Service (DoS) attacks
    from 0, < 2.2.15
  • HIGH 7.5 CVE-2021-3690 Undertow vulnerable to memory exhaustion due to buffer leak
    from 0, < 2.0.40
  • HIGH 7.5 CVE-2021-3629 Undertow Uncontrolled Resource Consumption
    from 0, < 2.0.40.Final
  • HIGH 7.5 CVE-2019-14888 Undertow vulnerable to Uncontrolled Resource Consumption
    from 0, < 2.0.29.Final
  • HIGH 7.5 CVE-2017-12165 Undertow Request Smuggling vulnerability
    from 0, < 1.3.31
  • HIGH 7.5 CVE-2020-27782 Denial of service in Undertow
    >= 2.1.0, < 2.1.5
  • HIGH 7.5 CVE-2020-10705 Allocation of Resources Without Limits or Throttling in Undertow
    from 0, < 2.1.1.Final
  • HIGH 7.5 CVE-2017-2670 Moderate severity vulnerability that affects io.undertow:undertow-core
    from 0, < 1.3.28
  • HIGH 7.4 CVE-2023-4639 Undertow incorrectly parses cookies
    >= 2.3.0.Alpha1, < 2.3.11.Final
  • MEDIUM 6.5 CVE-2018-1114 Uncontrolled Resource Consumption in Undertow
    from 0, < 1.4.25.Final
  • MEDIUM 6.5 CVE-2020-10719 HTTP Request Smuggling in Undertow
    from 0, < 2.1.1.Final
  • MEDIUM 6.5 CVE-2017-2666 undertow - security update
    from 0, < 1.3.31
  • MEDIUM 6.1 CVE-2017-7559 Undertow vulnerable to Request Smuggling
    >= 1.4.0, < 1.4.17.Final
  • MEDIUM 5.9 CVE-2026-3260 Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
    from 0, < 2.4.0.Beta1
  • MEDIUM 5.9 CVE-2021-3597 undertow Race Condition vulnerability
    >= 2.1.0, < 2.2.9.Final
  • MEDIUM 5.9 CVE-2016-7046 Undertow Uncaught Exception vulnerability
    >= 1.4.0, < 1.4.3.Final
  • MEDIUM 5.9 CVE-2017-12196 Incorrect Authorization in Undertow
    >= 2.0.0.Alpha1, < 2.0.2.FInal
  • MEDIUM 5.3 CVE-2024-3653 Undertow Missing Release of Memory after Effective Lifetime vulnerability
    >= 2.3.0.Alpha1, < 2.3.15.Final
  • MEDIUM 5.3 CVE-2024-1459 Undertow Path Traversal vulnerability
    from 0, < 2.2.31.Final
  • MEDIUM 5.3 CVE-2018-14642 Exposure of Sensitive Information to an Unauthorized Actor in Undertow
    from 0, < 2.0.19.FINAL
  • MEDIUM 4.8 CVE-2021-20220 HTTP request smuggling in Undertow
    >= 2.1.0, < 2.1.6
  • MEDIUM 4.8 CVE-2020-10687 HTTP Request Smuggling in Undertow
    from 0, < 2.2.0.Final
  • CVE-2014-7816 Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
    >= 1.0.0, < 1.0.17