Allocation of Resources Without Limits or Throttling in Undertow

GHSA-g4cp-h53p-v3v8 · CVE-2020-10705

Published Apr 30, 2021 · Modified Feb 17, 2024

Description

A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-10705
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1803241
WEB https://security.netapp.com/advisory/ntap-20220210-0014

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes