CVE-2019-10184
Undertow Missing Authorization when requesting a protected directory without trailing slash
CVSS 3.1: 7.5 (HIGH)
EPSS: 1.5%
Description
Undertow before version 2.0.23.Final is vulnerable to an information leak. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
How to fix CVE-2019-10184
To remediate CVE-2019-10184, upgrade the affected package to one of the fixed versions listed below.
- Debian/undertow—upgrade to 2.0.23-1 or later
- —upgrade to 2.0.23 or later
Is CVE-2019-10184 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.0.23-1
- from 0, < 2.0.23
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |