VDB
KO
MEDIUM 5.9

GHSA-3x3v-w654-m28m

Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests

Details

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).

Are you affected?

Enter the version of the package you're using.

Affected packages

Maven / io.undertow:undertow-core
Introduced in: 0

No fixed version published yet for io.undertow:undertow-core (maven). Pin to a known-safe version or switch to an alternative.

References