High severityNVD Advisory· Published Aug 26, 2022· Updated Aug 3, 2024
CVE-2021-3859
CVE-2021-3859
Description
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.undertow:undertow-coreMaven | < 2.2.15 | 2.2.15 |
Affected products
2- Undertow/Undertowdescription
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-339q-62wm-c39wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3859ghsaADVISORY
- access.redhat.com/security/cve/cve-2021-3859ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8ghsaWEB
- github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2ghsaWEB
- github.com/undertow-io/undertow/pull/1296ghsaWEB
- issues.redhat.com/browse/UNDERTOW-1979ghsaWEB
- security.netapp.com/advisory/ntap-20221201-0004ghsaWEB
- access.redhat.com/security/cve/CVE-2021-3859mitre
- security.netapp.com/advisory/ntap-20221201-0004/mitre
News mentions
0No linked articles in our index yet.