GMS-2022-2963: Duplicate of ./maven/io.undertow/undertow-core/CVE-2021-3859.yml

July 15, 2022

Undertow client side invocation timeout raised when calling over HTTP2, this vulnerability can allow attacker to carry out denial of service (DoS) attacks in versions less than 2.2.15 Final.

References

access.redhat.com/security/cve/cve-2021-3859
bugzilla.redhat.com/show_bug.cgi?id=2010378
github.com/advisories/GHSA-339q-62wm-c39w
github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8
nvd.nist.gov/vuln/detail/CVE-2021-3859

Detect and mitigate GMS-2022-2963 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →