VYPR
Critical severityNVD Advisory· Published Feb 23, 2023· Updated Mar 12, 2025

CVE-2022-4492

CVE-2022-4492

Description

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.undertow:undertow-coreMaven
>= 2.3.0, < 2.3.5.Final2.3.5.Final
io.undertow:undertow-coreMaven
< 2.2.24.Final2.2.24.Final

Affected products

2

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.