Description
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1970930
https://security.netapp.com/advisory/ntap-20220804-0003/
Related Vulnerabilities
CVE-2021-3629 Vulnerability in maven package io.undertow:undertow-core
CVE-2021-41269 Vulnerability in maven package com.cronutils:cron-utils
CVE-2019-12041 Vulnerability in npm package remarkable
CVE-2022-0613 Vulnerability in npm package urijs
CVE-2019-10062 Vulnerability in npm package aurelia-framework