The version of undertow is vulnerable to CVE-2019-10184 #3442

loicmathieu · 2019-08-07T09:31:22Z

Describe the bug
The current version of undertow, the 2.0.21.Final, contains a know vulnerabilities CVE-2019-10184 (https://nvd.nist.gov/vuln/detail/CVE-2019-10184) that has a CVSS Score v3 of 7.5 - HIGH.

Expected behavior
No CVE with a high score for undertow.

Actual behavior
One CVE with a high score is found for undertow.

To Reproduce
Steps to reproduce the behavior:

You can use the maven OWASP dependency-check to analyse the current Quarkus libraries for known CVE.

Environment (please complete the following information):

Quarkus version or git rev: 0.20 or the current master

loicmathieu · 2019-08-07T09:32:07Z

Update to undertown 2.0.23.Final or later is advised

Fixes #3442 Undertow 2.0.23.Final

Upgrade Undertow to 2.0.23.Final

loicmathieu added the kind/bug Something isn't working label Aug 7, 2019

Sanne assigned stuartwdouglas Aug 7, 2019

geoand closed this as completed in d32ffe4 Aug 7, 2019

geoand added a commit that referenced this issue Aug 7, 2019

Merge pull request #3447 from stuartwdouglas/3442

853bc23

Fixes #3442 Undertow 2.0.23.Final

gsmet added this to the 0.21.0 milestone Aug 13, 2019

Dufgui pushed a commit to Dufgui/quarkus that referenced this issue Aug 26, 2019

Fixes quarkusio#3442

28deea0

Upgrade Undertow to 2.0.23.Final

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The version of undertow is vulnerable to CVE-2019-10184 #3442

The version of undertow is vulnerable to CVE-2019-10184 #3442

loicmathieu commented Aug 7, 2019

loicmathieu commented Aug 7, 2019

The version of undertow is vulnerable to CVE-2019-10184 #3442

The version of undertow is vulnerable to CVE-2019-10184 #3442

Comments

loicmathieu commented Aug 7, 2019

loicmathieu commented Aug 7, 2019