High severity7.5NVD Advisory· Published Feb 23, 2021· Updated Jun 17, 2026
CVE-2020-27782
CVE-2020-27782
Description
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-coreMaven | >= 2.1.0, < 2.1.5 | 2.1.5 |
io.undertow:undertow-coreMaven | < 2.0.33 | 2.0.33 |
Affected products
2- Undertow/Undertowdescription
Patches
Vulnerability mechanics
References
5- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-rhcw-wjcm-9h6gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-27782ghsaADVISORY
- github.com/undertow-io/undertow/pull/997/commits/98a9ab7f2d7fe7a7254eaf17d47816c452169c90ghsaWEB
- issues.redhat.com/browse/UNDERTOW-1813ghsaWEB
News mentions
0No linked articles in our index yet.