Description
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
Remediation
References
https://issues.redhat.com/browse/UNDERTOW-1979
https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2
https://bugzilla.redhat.com/show_bug.cgi?id=2010378
https://access.redhat.com/security/cve/CVE-2021-3859
https://github.com/undertow-io/undertow/pull/1296
https://security.netapp.com/advisory/ntap-20221201-0004/
Related Vulnerabilities
CVE-2022-0155 Vulnerability in npm package follow-redirects
CVE-2022-33140 Vulnerability in maven package org.apache.nifi:nifi-shell-authorizer
CVE-2022-0508 Vulnerability in npm package @peertube/embed-api
CVE-2023-31417 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-1295 Vulnerability in maven package org.webjars.bowergithub.alvarotrigo:fullpage.js