io.undertow:undertow-core@2.2.36.Final vulnerabilities

latest version

2.3.18.Final
latest non vulnerable version

2.3.18.Final
first published

12 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [1.0.0.Alpha1,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the io.undertow:undertow-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Memory Leak io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Memory Leak when the `learning-push` handler is configured with the default `maxAge` of `-1`. An attacker who can send normal HTTP requests may consume excessive memory. How to fix Memory Leak? Upgrade `io.undertow:undertow-core` to version 2.2.37.Final, 2.3.18.Final or higher.	[,2.2.37.Final) [2.3.0.Alpha1,2.3.18.Final)

Memory Leak

io.undertow:undertow-core is a Java web server based on non-blocking IO.

Affected versions of this package are vulnerable to Memory Leak when the learning-push handler is configured with the default maxAge of -1. An attacker who can send normal HTTP requests may consume excessive memory.

How to fix Memory Leak?

Upgrade io.undertow:undertow-core to version 2.2.37.Final, 2.3.18.Final or higher.

[,2.2.37.Final) [2.3.0.Alpha1,2.3.18.Final)

Go back to all versions of this package

io.undertow:undertow-core@2.2.36.Final vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities