High severity 7.5 · GHSA Advisory · Published Dec 3, 2025 · Updated Apr 15, 2026

CVE-2024-3884

Description

A flaw was found in Undertow that can lead to a remote denial of service. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoded as application/x-www-form-urlencoded, the method causes an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| io.undertow:undertow-core (Maven) | < 2.2.39.Final | 2.2.39.Final |
| io.undertow:undertow-core (Maven) | >= 2.4.0.Alpha1, < 2.4.0.Beta1 | 2.4.0.Beta1 |
| io.undertow:undertow-core (Maven) | >= 2.3.0.Alpha1, < 2.3.21.Final | 2.3.21.Final |
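
To check a dependency inventory against the affected ranges listed above, the following added example (not part of the advisory or of the Undertow project) compares undertow-core versions with those ranges. It assumes `mvn dependency:list` style input lines and a simplified qualifier ordering (Alpha < Beta < CR < Final < SP); the function names and sample lines are constructed for illustration.

```python
import re

PACKAGE = "io.undertow:undertow-core"
# (inclusive lower bound or None, first patched version), copied from the advisory table.
AFFECTED_RANGES = [
    (None, "2.2.39.Final"),
    ("2.3.0.Alpha1", "2.3.21.Final"),
    ("2.4.0.Alpha1", "2.4.0.Beta1"),
]
# Assumption: simplified qualifier ordering, pre-releases sort before Final, SP after.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "rc": 2, "": 3, "final": 3, "ga": 3, "sp": 4}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+)(\d*))?$")

def parse_version(text):
    """Turn '2.3.21.Final' into a sortable tuple; reject any other shape."""
    match = _VERSION_RE.match(text.strip())
    if not match or (match.group(4) or "").lower() not in QUALIFIER_RANK:
        # Vendor-suffixed or unusual versions are not guessed at.
        raise ValueError(f"unrecognised version format: {text!r}")
    major, minor, micro, qualifier, number = match.groups()
    rank = QUALIFIER_RANK[(qualifier or "").lower()]
    return (int(major), int(minor), int(micro), rank, int(number or 0))

def patched_version_for(version):
    """Return the first patched version if `version` is affected, else None."""
    parsed = parse_version(version)
    for lower, patched in AFFECTED_RANGES:
        above_lower = lower is None or parsed >= parse_version(lower)
        if above_lower and parsed < parse_version(patched):
            return patched
    return None

def scan_dependency_list(lines):
    """Return (version, status) for each undertow-core line (group:artifact:type:version:scope)."""
    findings = []
    for line in lines:
        parts = line.strip().removeprefix("[INFO]").strip().split(":")
        if len(parts) < 4 or ":".join(parts[:2]) != PACKAGE:
            continue
        try:
            patched = patched_version_for(parts[3])
            status = f"affected, upgrade to {patched}" if patched else "not affected"
        except ValueError:
            status = "manual review"  # fail towards a human check, not a silent pass
        findings.append((parts[3], status))
    return findings

# Constructed sample input, not taken from a real build.
SAMPLE = ["[INFO]    io.undertow:undertow-core:jar:2.3.20.Final:compile",
          "[INFO]    io.undertow:undertow-servlet:jar:2.3.20.Final:compile",
          "[INFO]    io.undertow:undertow-core:jar:2.2.39.Final:compile",
          "[INFO]    io.undertow:undertow-core:jar:2.3.21.Final-vendor-00001:compile"]
```

Versions that do not match the plain upstream pattern are reported as "manual review", since a vendor build may carry a backported fix that the upstream ranges cannot express.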
