A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.

Affected Packages

Maven io.undertow:undertow-core

Affected versions: 0 (fixed in 2.1.1.Final)

Related CVEs

CVE-2020-10705

Key Information

GHSA ID

GHSA-g4cp-h53p-v3v8

Published

April 30, 2021 5:28 PM

Last Modified

February 11, 2022 9:12 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

io.undertow:undertow-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.