Lucene search

K
osvGoogleOSV:GHSA-VF6R-MMHC-3XCM
HistoryMay 13, 2022 - 1:12 a.m.

Exposure of Sensitive Information to an Unauthorized Actor in Undertow

2022-05-1301:12:21
Google
osv.dev
17
undertow
information leak vulnerability
sensitive information

EPSS

0.003

Percentile

70.5%

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

EPSS

0.003

Percentile

70.5%