High severityNVD Advisory· Published Jul 25, 2019· Updated Aug 4, 2024
CVE-2019-10184
CVE-2019-10184
Description
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-servletMaven | < 2.0.23 | 2.0.23 |
Affected products
2- Range: fixed in 2.0.23.Final
Patches
Vulnerability mechanics
References
18- access.redhat.com/errata/RHSA-2019:2935ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:2936ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:2937ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:2938ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:2998ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:3044ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:3045ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:3046ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2019:3050ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0727ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-w69w-jvc7-wjgvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-10184ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
- github.com/undertow-io/undertow/commit/5fa7ac68c0e4251c93056d9982db5e794e04ebfaghsaWEB
- github.com/undertow-io/undertow/pull/794ghsax_refsource_CONFIRMWEB
- issues.redhat.com/browse/UNDERTOW-1578ghsaWEB
- security.netapp.com/advisory/ntap-20220210-0016ghsaWEB
- security.netapp.com/advisory/ntap-20220210-0016/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.