CVE-2022-1259

Summary

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

Affected Software

VendorProductVersion RangeStatus
n/aundertowFixed in 2.3.0.Final, 2.2.17.SP1, 2.2.20.Final, 2.2.19.SP1.affected

Weaknesses

  • CWE-400: CWE-400 - Uncontrolled Resource Consumption.

ADP Enrichment

CVE Program Container

Additional References

References