Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719

https://security.netapp.com/advisory/ntap-20220210-0014/

Related Vulnerabilities

CVE-2023-3276 Vulnerability in maven package cn.hutool:hutool-core

CVE-2023-22579 Vulnerability in npm package sequelize

CVE-2023-46653 Vulnerability in maven package org.jenkins-ci.plugins:lambdatest-automation

CVE-2021-21118 Vulnerability in npm package electron

CVE-2019-10387 Vulnerability in maven package com.xebialabs.xlt.ci:xltestview-plugin

Severity

High

Classification

CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Issue Tracking Vendor Advisory Third Party Advisory