Affected versions of this package are vulnerable to Race Condition due to the reuse of the StringBuilder instance in the ProxyProtocolReadListener across multiple requests. An attacker can access data from previous requests or responses by exploiting the shared usage of the StringBuilder.
This vulnerability primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.
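The failure mode described above, as an added example that is not Undertow's code or a patch for it: a listener that keeps one `StringBuilder` field for every connection, beside one that scopes the buffer to a single connection. The class names, the `onRead` signature and the header bytes are constructed for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of the bug class; not Undertow source. All names are hypothetical.
public class SharedBufferDemo {

    interface Listener { String onRead(String connId, String chunk); }

    // Weak: one StringBuilder field serves every connection the listener handles.
    static final class SharedListener implements Listener {
        private final StringBuilder buf = new StringBuilder();
        public String onRead(String connId, String chunk) {
            return drain(buf.append(chunk));
        }
    }

    // Safer pattern: buffer is keyed to the connection and dropped once the header is complete.
    static final class PerConnectionListener implements Listener {
        private final Map<String, StringBuilder> bufs = new ConcurrentHashMap<>();
        public String onRead(String connId, String chunk) {
            StringBuilder b = bufs.computeIfAbsent(connId, k -> new StringBuilder());
            String line = drain(b.append(chunk));
            if (line != null) bufs.remove(connId);
            return line;
        }
    }

    // Returns the header line once CRLF has arrived, otherwise null (more data needed).
    static String drain(StringBuilder b) {
        int end = b.indexOf("\r\n");
        if (end < 0) return null;
        String line = b.substring(0, end);
        b.setLength(0);
        return line;
    }

    // Constructed interleaving: A's header is split across reads and B's read lands in between.
    static String headerSeenByB(Listener l) {
        l.onRead("A", "PROXY TCP4 192.0.2.10 ");
        return l.onRead("B", "PROXY TCP4 198.51.100.7 203.0.113.1 40000 443\r\n");
    }

    public static void main(String[] args) {
        System.out.println("shared buffer:  " + headerSeenByB(new SharedListener()));
        System.out.println("per connection: " + headerSeenByB(new PerConnectionListener()));
    }
}
```

With the shared field, the line handed back for connection B starts with the bytes connection A sent, which is the cross-request exposure the advisory describes; the per-connection variant returns only B's own header.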
Remediation
There is no fixed version for io.undertow:undertow-core.
Overview
io.undertow:undertow-core is a Java web server based on non-blocking IO.