CVE-2019-10184
Undertow before version 2.0.23.Final is vulnerable to an information leak. The directory structure of web apps may be predicted through requests without trailing slashes via the API.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
undertow-io · undertow
References
https://access.redhat.com/errata/RHSA-2019:2935
https://access.redhat.com/errata/RHSA-2019:2936
https://access.redhat.com/errata/RHSA-2019:2937
https://access.redhat.com/errata/RHSA-2019:2938
https://access.redhat.com/errata/RHSA-2019:2998
https://access.redhat.com/errata/RHSA-2019:3044
https://access.redhat.com/errata/RHSA-2019:3045
https://access.redhat.com/errata/RHSA-2019:3046
https://access.redhat.com/errata/RHSA-2019:3050
https://access.redhat.com/errata/RHSA-2020:0727
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184
https://github.com/undertow-io/undertow/pull/794