Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-3597 Vulnerability in maven package io.undertow:undertow-core

Description

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1970930

https://security.netapp.com/advisory/ntap-20220804-0003/

Related Vulnerabilities

CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge

CVE-2022-3916 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2021-3765 Vulnerability in npm package validator

CVE-2017-12634 Vulnerability in maven package org.apache.camel:camel-castor

CVE-2021-3424 Vulnerability in maven package org.keycloak:keycloak-services

Severity

Medium

Classification

CWE-362 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Issue Tracking Third Party Advisory