CVE-2020-10719
HTTP Request Smuggling in Undertow
CVSS 3.1: 6.5 (MEDIUM)
EPSS 0.17%
Description
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
How to fix CVE-2020-10719
To remediate CVE-2020-10719, upgrade the affected package to a fixed version below.
- Debian/undertow—upgrade to 2.1.1-1 or later
- —upgrade to 2.1.1.Final or later
Is CVE-2020-10719 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.1.1-1
- from 0, < 2.1.1.Final
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |