CVE-2018-14642: Information Exposure
An information leak vulnerability was found in Undertow. If not all headers are written out in the first write() call, the code that handles flushing the buffer always writes out the full contents of the writevBuffer buffer, which may contain data from previous requests.
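The following added example is a simplified model of this bug class, not Undertow's code: a reused buffer stages response headers, the first write is partial, and the flush path either sends the whole buffer (flawed) or only the bytes staged for the current response (corrected). The class, method and variable names and the sample headers are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Simplified model of the flaw described above; not Undertow's implementation.
public class StaleBufferDemo {
    // Hypothetical stand-in for a write buffer that is reused across requests.
    static final ByteBuffer pooled = ByteBuffer.allocate(64);

    // Stages the headers, emulates a first write() that accepts only
    // `accepted` bytes, then flushes the rest. Returns the bytes put on the wire.
    static byte[] respond(String headers, int accepted, boolean flawedFlush) {
        pooled.clear(); // resets position and limit only; old bytes stay in the array
        pooled.put(headers.getBytes(StandardCharsets.US_ASCII));
        int staged = pooled.position();          // bytes that belong to this response
        int first = Math.min(accepted, staged);  // partial first write

        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        wire.write(pooled.array(), 0, first);

        // Flush path. Flawed: runs to the end of the buffer.
        // Corrected: stops at the staged length.
        int end = flawedFlush ? pooled.capacity() : staged;
        wire.write(pooled.array(), first, end - first);
        return wire.toByteArray();
    }

    // Renders CRLF as '|' and unused zero bytes as '.' for display.
    static String printable(byte[] b) {
        return new String(b, StandardCharsets.US_ASCII)
                .replace("\r\n", "|").replace('\0', '.');
    }

    public static void main(String[] args) {
        // Constructed sample data: the first response carries a session cookie.
        String first = "HTTP/1.1 200 OK\r\nSet-Cookie: sid=CONSTRUCTED-SECRET\r\n\r\n";
        // A later, shorter response for a different client.
        String second = "HTTP/1.1 204 No Content\r\n\r\n";

        respond(first, 64, false); // leaves the cookie bytes in the buffer
        System.out.println("flawed : " + printable(respond(second, 10, true)));
        System.out.println("correct: " + printable(respond(second, 10, false)));
    }
}
```

The flawed line shows the tail of the earlier Set-Cookie header appended to the second response. Bounding the flush to the staged length removes the leak, and zeroing a buffer before reuse is a reasonable defence in depth.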