Description
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
Remediation
References
https://access.redhat.com/security/cve/CVE-2021-3859
https://bugzilla.redhat.com/show_bug.cgi?id=2010378
https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
https://github.com/undertow-io/undertow/pull/1296
https://issues.redhat.com/browse/UNDERTOW-1979
https://security.netapp.com/advisory/ntap-20221201-0004/
Related Vulnerabilities
CVE-2022-34780 Vulnerability in maven package com.xebialabs.ci:xlrelease-plugin
CVE-2017-5635 Vulnerability in maven package org.apache.nifi:nifi-framework-authorization
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-45819 Vulnerability in npm package tinymce
CVE-2020-5411 Vulnerability in maven package org.springframework.batch:spring-batch-core