2024-11-19
Platform: Undertow
Version:
Affected: >= 2.3.0.Alpha1, < 2.3.11.Final
Affected: < 2.2.30.Final
Patched: 2.3.11.Final
Patched: 2.2.30.Final
Vulnerability: Incorrect Cookie Parsing
Severity: High
Date:
Published (NVD): Nov 17, 2024
Published (GitHub): Nov 17, 2024
Reviewed: Nov 18, 2024
Last Updated: Nov 18, 2024
What Undertow Says:
Undertow contains a vulnerability where it incorrectly parses cookies with specific delimiters in their values. This allows attackers to potentially steal sensitive data (HttpOnly cookies) or inject fake cookies. This vulnerability can lead to unauthorized access or modification of user data. Upgrading to Undertow versions 2.3.11.Final or 2.2.30.Final is recommended to address this issue.
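An added example (not code from Undertow or from this advisory): a small checker that tests a deployed Undertow version string against the affected ranges listed above. The qualifier ordering Alpha < Beta < CR < Final < SP, and treating a bare x.y.z as the Final release, are assumptions based on JBoss-style release naming.

```python
import re

# Assumed qualifier ordering (JBoss-style release naming).
_QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3, "sp": 4}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+)(\d*))?$")


def parse_version(text):
    """Turn '2.3.0.Alpha1' into a sortable tuple (2, 3, 0, 0, 1)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Undertow version: {text!r}")
    major, minor, micro, qual, qual_num = m.groups()
    qual = (qual or "Final").lower()  # assumption: bare x.y.z means Final
    if qual not in _QUALIFIER_RANK:
        raise ValueError(f"unknown qualifier in {text!r}")
    return (int(major), int(minor), int(micro),
            _QUALIFIER_RANK[qual], int(qual_num or 0))


# Boundaries copied from the advisory's Affected/Patched lines.
_START_23 = parse_version("2.3.0.Alpha1")
_FIX_23 = parse_version("2.3.11.Final")
_FIX_22 = parse_version("2.2.30.Final")


def is_affected(text):
    """True when the version falls inside either affected range."""
    v = parse_version(text)
    return (_START_23 <= v < _FIX_23) or (v < _FIX_22)


def audit(versions):
    """Map each version string to 'affected', 'not affected' or 'unparsed'."""
    report = {}
    for text in versions:
        try:
            report[text] = "affected" if is_affected(text) else "not affected"
        except ValueError:
            report[text] = "unparsed"  # vendor-suffixed builds: review by hand
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    sample = ["2.2.29.Final", "2.2.30.Final", "2.3.0.Alpha1", "2.3.10.Final",
              "2.3.11.Beta1", "2.3.11.Final", "2.2.24.SP1-redhat-00001"]
    for version, status in audit(sample).items():
        print(f"{version:26} {status}")
```

Versions reported as `unparsed` (for example vendor rebuilds with extra suffixes) should be checked against the vendor's own errata rather than assumed safe.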
References:
Reported By: GitHub.com