A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.

Affected Packages

Maven io.undertow:undertow-core

Affected versions: 0 (fixed in 2.0.40.Final)

Maven io.undertow:undertow-core

Affected versions: 2.1.0 (fixed in 2.2.11.Final)

Related CVEs

CVE-2021-3629

Key Information

GHSA ID

GHSA-rf6q-vx79-mjxr

Published

May 25, 2022 12:00 AM

Last Modified

June 12, 2025 4:03 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

io.undertow:undertow-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.