GitHub Advisory DatabaseGHSA-65H2-WF7M-Q2V8Undertow vulnerable to denial of service
0.021 Low
EPSS
Percentile
89.1%
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it’s possible to bypass the limit by setting the file name in the request to null.
| CPE | Name | Operator | Version |
|---|---|---|---|
| io.undertow:undertow-parent | lt | 2.2.24.Final |
References
access.redhat.com/errata/RHSA-2023:4505
access.redhat.com/errata/RHSA-2023:4506
access.redhat.com/errata/RHSA-2023:4507
access.redhat.com/errata/RHSA-2023:4509
access.redhat.com/errata/RHSA-2023:4918
access.redhat.com/errata/RHSA-2023:4919
access.redhat.com/errata/RHSA-2023:4920
access.redhat.com/errata/RHSA-2023:4921
access.redhat.com/errata/RHSA-2023:4924
access.redhat.com/errata/RHSA-2023:7247
access.redhat.com/security/cve/CVE-2023-3223
bugzilla.redhat.com/show_bug.cgi?id=2209689
github.com/advisories/GHSA-65h2-wf7m-q2v8
nvd.nist.gov/vuln/detail/CVE-2023-3223
security.netapp.com/advisory/ntap-20231027-0004
Related
