Advisories » MGASA-2021-0052

Updated undertow packages fix security vulnerability

Publication date: 22 Jan 2021
Modification date: 22 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10719

Description

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the
processing of invalid HTTP requests with large chunk sizes. This flaw allows an
attacker to take advantage of HTTP request smuggling (CVE-2020-10719).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=28076
• https://security-tracker.debian.org/tracker/CVE-2020-10719
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10719

SRPMS

7/core

• undertow-1.4.0-2.1.mga7