MEDIUM 5.9
GHSA-3x3v-w654-m28m
Undertow: Denial of Service via Multipart/Form-Data Parsing on HTTP GET Requests
Details
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
Are you affected?
Enter the version of the package you're using.
Affected packages
Maven / io.undertow:undertow-core
Introduced in:
0 No fixed version published yet for io.undertow:undertow-core (maven). Pin to a known-safe version or switch to an alternative.