Medium severity5.3NVD Advisory· Published Sep 18, 2018· Updated Jun 17, 2026
CVE-2018-14642
CVE-2018-14642
Description
An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-coreMaven | < 2.0.19.FINAL | 2.0.19.FINAL |
Affected products
2Patches
Vulnerability mechanics
References
11- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:0362nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:0364nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:0365nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:0380nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:1106nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:1107nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:1108nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2019:1140nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-vf6r-mmhc-3xcmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-14642ghsaADVISORY
News mentions
0No linked articles in our index yet.