CX: CVE-2020-1745 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master

**Description**

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.

**HIGH Vulnerable Package** issue exists @ **io.undertow:undertow-core** in branch **refs/heads/master**

**Vulnerability ID:** CVE-2020-1745

**Package Name:** io.undertow:undertow-core

**Severity:** HIGH

**CVSS Score:** 7.5

**Publish Date:** 2020-04-28T15:15:00

**Current Package Version:** 2.0.9.Final

**Remediation Upgrade Recommendation:** 2.0.35.Final

[Link To SCA](https://sca.scacheckmarx.com/#/projects/43c66723-1c23-4989-9e51-bfa32766271e/reports/e3c3068d-3289-466b-aa0f-b9c2cf00b4ea/vulnerabilities/CVE-2020-1745%3AMaven-io.undertow%3Aundertow-core-2.0.9.Final/vulnerabilityDetails/vulnerabilities/CVE-2020-1745%3AMaven-io.undertow%3Aundertow-core-2.0.9.Final/vulnerabilityDetails)

[Reference &ndash; NVD link](https://nvd.nist.gov/vuln/detail/CVE-2020-1745)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX: CVE-2020-1745 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master #33

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX: CVE-2020-1745 in Maven-io.undertow:undertow-core and 2.0.9.Final @ JavaVulnerableLab.refs/heads/master #33

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions