undertow vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the undertow package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Resource Exhaustion	<2.2.12-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2.3.8-2
M HTTP Request Smuggling	<1.4.23-1
C Information Exposure Through Log Files	<2.0.23-1
L Uncontrolled Recursion	<2.3.18-1
M HTTP Response Splitting	<1.4.25-1
M HTTP Request Smuggling	<2.1.1-1
H Out-of-Bounds	<2.1.1-1
H CVE-2023-3223	<2.3.18-1
H HTTP Request Smuggling	<2.0.23-1
C Information Exposure Through Log Files	<2.0.27-1
M HTTP Request Smuggling	<2.2.0-1
H CVE-2022-4492	<2.3.8-2
L Memory Leak	<2.3.18-1
M CVE-2022-2764	<2.2.21-1
H Resource Exhaustion	<2.2.4-1
M HTTP Request Smuggling	<1.4.18-1
H Resource Exhaustion	<2.0.30-1
M Resource Exhaustion	<1.4.25-1
M Race Condition	<2.2.10-1
M CRLF Injection	<1.4.3-1
H CVE-2023-1973	<2.3.18-1
H Improper Input Validation	<2.1.0-1
M Directory Traversal	<2.3.18-1
H Information Exposure	<2.2.16-1
L Resource Exhaustion	<2.3.18-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1.4.18-1
L Resource Exhaustion	<2.0.25-1
H Missing Authorization	<2.0.23-1
H Unchecked Return Value	<2.2.17-1
H CVE-2024-7885	<2.3.18-1
H Directory Traversal	<1.4.22-1
H Allocation of Resources Without Limits or Throttling	<2.3.18-1
L Allocation of Resources Without Limits or Throttling	<2.3.20-1
L Resource Exhaustion	<2.3.18-1
H HTTP Request Smuggling	<2.3.18-1
C CVE-2020-1745	<2.0.30-1
M Incorrect Authorization	<1.4.25-1
H Resource Exhaustion	<2.2.18-1
M Information Exposure	<2.0.23-1
H Memory Leak	<2.2.10-1
M Resource Management Errors	<1.4.3-1
M HTTP Request Smuggling	<2.2.0-1

Vulnerability

Vulnerable Version

<2.2.12-1