forked from CheckmarxDev/JavaVulnerableLab
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CX: CVE-2019-10212 in Maven-io.undertow:undertow-core and 2.0.9.Final @ RM_JavaVulnerableLab.refs/heads/master #26
Comments
Issue still exists. |
Issue still exists. |
Issue still exists. |
1 similar comment
Issue still exists. |
Issue still exists. |
1 similar comment
Issue still exists. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
A flaw was found in versions before 2.0.27.Final, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
HIGH Vulnerable Package issue exists @ io.undertow:undertow-core in branch refs/heads/master
Vulnerability ID: CVE-2019-10212
Package Name: io.undertow:undertow-core
Severity: HIGH
CVSS Score: 9.8
Publish Date: 2019-10-02T19:15:00
Current Package Version: 2.0.9.Final
Remediation Upgrade Recommendation: 2.0.35.Final
Link To SCA
Reference – NVD link
The text was updated successfully, but these errors were encountered: