CVE-2021-3597: Race condition in undertow

May 24, 2022 (updated November 10, 2022)

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.

References

bugzilla.redhat.com/show_bug.cgi?id=1970930
github.com/advisories/GHSA-mfhv-gwf8-4m88
nvd.nist.gov/vuln/detail/CVE-2021-3597

Detect and mitigate CVE-2021-3597 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →