CVE-2022-1259
published 2022-08-31CVE-2022-1259: A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| auth0 | jsonwebtoken | >= 0 < 9.0.0 | 9.0.0 |
| debian | undertow | — | — |
| msrc | cbl2_nmi_1.8.11-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nmi_1.8.17-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | single_sign-on | — | — |
| redhat | undertow | <= 2.2.17 | — |
| redhat | undertow | — | — |
| redhat | undertow | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv5.9MEDIUM