io.undertow:undertow-core@2.3.19.Final vulnerabilities
latest version
2.3.19.Final
first published
12 years ago
latest version published
26 days ago
licenses detected
- [1.0.0.Alpha1,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the io.undertow:undertow-core package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling (MadeYouReset) through malformed client requests that trigger repeated server-side stream resets without incrementing abuse counters. An attacker can exhaust server resources by sending specially crafted HTTP/2 requests that cause excessive workload through repeated stream aborts. How to fix Allocation of Resources Without Limits or Throttling (MadeYouReset)? There is no fixed version for | [0,) |