undertow vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the undertow package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Improper Input Validation	*
H Improper Input Validation	*
M Resource Exhaustion	<2.2.12-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2.3.8-2
M HTTP Request Smuggling	<1.4.23-1
C Information Exposure Through Log Files	<2.0.23-1
L Uncontrolled Recursion	<2.3.18-1
M HTTP Response Splitting	<1.4.25-1
M HTTP Request Smuggling	<2.1.1-1
H Out-of-Bounds	<2.1.1-1
H CVE-2023-3223	<2.3.18-1
H HTTP Request Smuggling	<2.0.23-1
C Information Exposure Through Log Files	<2.0.27-1
M HTTP Request Smuggling	<2.2.0-1
H CVE-2022-4492	<2.3.8-2
L Memory Leak	<2.3.18-1
M CVE-2022-2764	<2.2.21-1
H Resource Exhaustion	<2.2.4-1
M HTTP Request Smuggling	<1.4.18-1
H Resource Exhaustion	<2.0.30-1
M Resource Exhaustion	<1.4.25-1
M Race Condition	<2.2.10-1
M CRLF Injection	<1.4.3-1
H CVE-2023-1973	<2.3.18-1
H Improper Input Validation	<2.1.0-1
M Directory Traversal	<2.3.18-1
H Information Exposure	<2.2.16-1
L Resource Exhaustion	<2.3.18-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<1.4.18-1
L Resource Exhaustion	<2.0.25-1
H Missing Authorization	<2.0.23-1
H Unchecked Return Value	<2.2.17-1
H CVE-2024-7885	<2.3.18-1
H Directory Traversal	<1.4.22-1
H Allocation of Resources Without Limits or Throttling	<2.3.18-1
L Allocation of Resources Without Limits or Throttling	<2.3.20-1
L Resource Exhaustion	<2.3.18-1
H HTTP Request Smuggling	<2.3.18-1
C CVE-2020-1745	<2.0.30-1
M Incorrect Authorization	<1.4.25-1
H Resource Exhaustion	<2.2.18-1
M Information Exposure	<2.0.23-1
H Memory Leak	<2.2.10-1
M Resource Management Errors	<1.4.3-1
M HTTP Request Smuggling	<2.2.0-1