Vulnerabilities > Redhat > Undertow > 2.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-3223 | Unspecified vulnerability in Redhat products A flaw was found in undertow. | 7.5 |
| 2023-09-14 | CVE-2023-1108 | Infinite Loop vulnerability in multiple products A flaw was found in undertow. | 7.5 |
| 2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. | 4.9 |
| 2022-08-31 | CVE-2022-1259 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1319 | Unchecked Return Value vulnerability in multiple products A flaw was found in Undertow. | 7.5 |
| 2022-08-26 | CVE-2021-3859 | Information Exposure Through Process Environment vulnerability in multiple products A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. | 7.5 |
| 2022-08-23 | CVE-2021-3690 | Memory Leak vulnerability in Redhat products A flaw was found in Undertow. | 7.5 |
| 2021-02-23 | CVE-2021-20220 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow. | 5.8 |
| 2020-09-23 | CVE-2020-10687 | HTTP Request Smuggling vulnerability in Redhat Undertow 1.0.0 A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. | 4.8 |
| 2020-06-10 | CVE-2020-10705 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. | 5.0 |