[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-3653":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":35,"related":36,"reserved_at":9,"published_at":37,"modified_at":38,"state":39,"summary":40,"references_raw":49,"kevs":125,"epss":126,"epss_history":129,"metrics":386,"affected":399},"CVE-2024-3653","A vulnerability was found in Undertow. Exploitation requires that the learning-push handler, which is disabled by default, is enabled in the server's config and that the handler's maxAge config is left unconfigured. The default maxAge is -1, which makes the handler vulnerable. If someone overrides that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-401","Missing Release of Memory after Effective Lifetime","The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and 
reuse.","weakness","Draft","Variant","Medium",[],[],[22],"GHSA-ch7q-gpff-h9hp",[],[25,27,29,31,33],{"_key":26},"DEBIAN-CVE-2024-3653",{"_key":28},"UBUNTU-CVE-2024-3653",{"_key":30},"RHSA-2024:5143",{"_key":32},"RHSA-2024:5144",{"_key":34},"RHSA-2024:5145",[],[],"2024-07-08T21:21:20.899Z","2025-11-07T18:44:40.524Z","Deferred",{"cisa_kev":41,"cisa_ransomware":41,"cisa_vendor":9,"epss_severity":42,"epss_score":43,"severity":44,"severity_score":45,"severity_version":46,"severity_source":47,"severity_vector":48,"severity_status":39},false,"low",0.04428,"medium",5.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",[50,61,65,69,73,77,81,86,92,96,100,104,108,112,116,121],{"url":51,"sources":52,"tags":56},"https://access.redhat.com/errata/RHSA-2024:4392",[47,53,54,55],"nvd","osv_debian","osv_maven",[57,58,59,60],"Vendor Advisory","X Refsource REDHAT","Advisory","WEB",{"url":62,"sources":63,"tags":64},"https://access.redhat.com/errata/RHSA-2024:5143",[47,53,54,55],[57,58,59,60],{"url":66,"sources":67,"tags":68},"https://access.redhat.com/errata/RHSA-2024:5144",[47,53,54,55],[57,58,59,60],{"url":70,"sources":71,"tags":72},"https://access.redhat.com/errata/RHSA-2024:5145",[47,53,54,55],[57,58,59,60],{"url":74,"sources":75,"tags":76},"https://access.redhat.com/errata/RHSA-2024:5147",[47,53,54,55],[57,58,59,60],{"url":78,"sources":79,"tags":80},"https://access.redhat.com/errata/RHSA-2024:6437",[47,53,54,55],[57,58,59,60],{"url":82,"sources":83,"tags":84},"https://access.redhat.com/security/cve/CVE-2024-3653",[47,53,54,55],[85,58,60],"VDB Entry",{"url":87,"sources":88,"tags":89},"https://bugzilla.redhat.com/show_bug.cgi?id=2274437",[47,53,54,55],[90,58,91,60],"Issue 
Tracking","REPORT",{"url":93,"sources":94,"tags":95},"https://security.netapp.com/advisory/ntap-20240828-0002/",[47,53],[],{"url":97,"sources":98,"tags":99},"https://security-tracker.debian.org/tracker/CVE-2024-3653",[54],[59],{"url":101,"sources":102,"tags":103},"https://nvd.nist.gov/vuln/detail/CVE-2024-3653",[55],[59],{"url":105,"sources":106,"tags":107},"https://github.com/undertow-io/undertow/pull/1639",[55],[60],{"url":109,"sources":110,"tags":111},"https://github.com/undertow-io/undertow/pull/1640",[55],[60],{"url":113,"sources":114,"tags":115},"https://github.com/undertow-io/undertow/pull/1641",[55],[60],{"url":117,"sources":118,"tags":119},"https://github.com/undertow-io/undertow",[55],[120],"PACKAGE",{"url":122,"sources":123,"tags":124},"https://issues.redhat.com/browse/UNDERTOW-2382",[55],[60],[],{"date":127,"score":43,"percentile":128},"2026-06-05",0.89238,[130,133,136,140,143,146,149,152,154,157,160,163,166,168,170,174,177,180,183,185,188,191,194,197,199,202,205,208,212,215,217,220,222,225,228,230,232,235,238,241,244,247,249,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,313,316,319,322,325,328,330,332,335,337,340,343,345,348,351,354,357,360,363,366,369,372,375,378,381,383],{"date":131,"score":43,"percentile":132},"2025-11-04",0.8851,{"date":134,"score":43,"percentile":135},"2025-11-05",0.88509,{"date":137,"score":138,"percentile":139},"2025-11-06",0.06505,0.90678,{"date":141,"score":138,"percentile":142},"2025-11-07",0.90686,{"date":144,"score":138,"percentile":145},"2025-11-08",0.90687,{"date":147,"score":138,"percentile":148},"2025-11-09",0.90684,{"date":150,"score":138,"percentile":151},"2025-11-10",0.90685,{"date":153,"score":138,"percentile":148},"2025-11-11",{"date":155,"score":138,"percentile":156},"2025-11-12",0.9069,{"date":158,"score":138,"percentile":159},"2025-11-13",0.90693,{"date":161,"score":138,"percentile":162},"2025-11-14",0.90695,{"date":164,"score":138,"percentile":165},"2025-11-15",0.90692,{"dat
e":167,"score":138,"percentile":162},"2025-11-16",{"date":169,"score":138,"percentile":165},"2025-11-17",{"date":171,"score":172,"percentile":173},"2025-11-18",0.35639,0.96859,{"date":175,"score":172,"percentile":176},"2025-11-19",0.9686,{"date":178,"score":172,"percentile":179},"2025-11-20",0.96862,{"date":181,"score":138,"percentile":182},"2025-11-21",0.90699,{"date":184,"score":138,"percentile":182},"2025-11-22",{"date":186,"score":138,"percentile":187},"2025-11-23",0.90701,{"date":189,"score":138,"percentile":190},"2025-11-24",0.90702,{"date":192,"score":138,"percentile":193},"2025-11-25",0.90706,{"date":195,"score":138,"percentile":196},"2025-11-26",0.90705,{"date":198,"score":138,"percentile":193},"2025-11-27",{"date":200,"score":138,"percentile":201},"2025-11-28",0.90696,{"date":203,"score":138,"percentile":204},"2025-11-29",0.90733,{"date":206,"score":138,"percentile":207},"2025-11-30",0.90731,{"date":209,"score":210,"percentile":211},"2025-12-01",0.00808,0.73574,{"date":213,"score":210,"percentile":214},"2025-12-02",0.7358,{"date":216,"score":210,"percentile":214},"2025-12-03",{"date":218,"score":138,"percentile":219},"2025-12-04",0.9073,{"date":221,"score":138,"percentile":204},"2025-12-05",{"date":223,"score":138,"percentile":224},"2025-12-06",0.90734,{"date":226,"score":138,"percentile":227},"2025-12-07",0.90728,{"date":229,"score":138,"percentile":227},"2025-12-08",{"date":231,"score":138,"percentile":207},"2025-12-09",{"date":233,"score":138,"percentile":234},"2025-12-10",0.9074,{"date":236,"score":138,"percentile":237},"2025-12-11",0.90747,{"date":239,"score":138,"percentile":240},"2025-12-12",0.90752,{"date":242,"score":138,"percentile":243},"2025-12-13",0.90742,{"date":245,"score":138,"percentile":246},"2025-12-14",0.90741,{"date":248,"score":138,"percentile":246},"2025-12-15",{"date":250,"score":138,"percentile":246},"2025-12-16",{"date":252,"score":138,"percentile":253},"2025-12-17",0.90749,{"date":255,"score":138,"percentile":256},"2025-12-18",0.
90755,{"date":258,"score":138,"percentile":259},"2025-12-19",0.90757,{"date":261,"score":138,"percentile":262},"2025-12-20",0.90756,{"date":264,"score":138,"percentile":265},"2025-12-21",0.90766,{"date":267,"score":138,"percentile":268},"2025-12-22",0.90762,{"date":270,"score":138,"percentile":271},"2025-12-23",0.90772,{"date":273,"score":138,"percentile":274},"2025-12-24",0.9078,{"date":276,"score":138,"percentile":277},"2025-12-25",0.90782,{"date":279,"score":138,"percentile":280},"2025-12-26",0.90781,{"date":282,"score":138,"percentile":283},"2025-12-27",0.90828,{"date":285,"score":138,"percentile":286},"2025-12-28",0.90778,{"date":288,"score":138,"percentile":289},"2025-12-29",0.90773,{"date":291,"score":138,"percentile":292},"2025-12-30",0.90777,{"date":294,"score":138,"percentile":295},"2025-12-31",0.90788,{"date":297,"score":210,"percentile":298},"2026-01-01",0.7381,{"date":300,"score":210,"percentile":301},"2026-01-02",0.73812,{"date":303,"score":210,"percentile":304},"2026-01-03",0.73811,{"date":306,"score":138,"percentile":307},"2026-01-04",0.908,{"date":309,"score":138,"percentile":310},"2026-01-05",0.90797,{"date":312,"score":138,"percentile":307},"2026-01-06",{"date":314,"score":138,"percentile":315},"2026-01-07",0.90803,{"date":317,"score":138,"percentile":318},"2026-01-08",0.90806,{"date":320,"score":138,"percentile":321},"2026-01-09",0.90809,{"date":323,"score":138,"percentile":324},"2026-01-10",0.90812,{"date":326,"score":138,"percentile":327},"2026-01-11",0.90805,{"date":329,"score":138,"percentile":318},"2026-01-12",{"date":331,"score":138,"percentile":315},"2026-01-13",{"date":333,"score":138,"percentile":334},"2026-01-14",0.90816,{"date":336,"score":138,"percentile":334},"2026-01-15",{"date":338,"score":138,"percentile":339},"2026-01-16",0.90821,{"date":341,"score":138,"percentile":342},"2026-01-17",0.90822,{"date":344,"score":138,"percentile":342},"2026-01-18",{"date":346,"score":138,"percentile":347},"2026-01-19",0.90823,{"date":349,"score":13
8,"percentile":350},"2026-01-20",0.90824,{"date":352,"score":138,"percentile":353},"2026-01-21",0.90829,{"date":355,"score":138,"percentile":356},"2026-01-22",0.9083,{"date":358,"score":138,"percentile":359},"2026-01-23",0.90838,{"date":361,"score":138,"percentile":362},"2026-01-24",0.90846,{"date":364,"score":138,"percentile":365},"2026-01-25",0.90848,{"date":367,"score":138,"percentile":368},"2026-01-26",0.90849,{"date":370,"score":138,"percentile":371},"2026-01-27",0.90852,{"date":373,"score":138,"percentile":374},"2026-01-28",0.90856,{"date":376,"score":138,"percentile":377},"2026-01-29",0.90857,{"date":379,"score":138,"percentile":380},"2026-01-30",0.90855,{"date":382,"score":138,"percentile":377},"2026-01-31",{"date":384,"score":210,"percentile":385},"2026-02-01",0.73881,[387,392,394],{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":388,"cvss_v4_0":9},{"baseScore":45,"baseSeverity":389,"vectorString":48,"impactScore":390,"exploitabilityScore":391},"MEDIUM",2.3,10,{"source":53,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":393,"cvss_v4_0":9},{"baseScore":45,"baseSeverity":389,"vectorString":48,"impactScore":390,"exploitabilityScore":391},{"source":55,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":395,"cvss_v4_0":396},{"baseScore":45,"baseSeverity":9,"vectorString":48,"impactScore":390,"exploitabilityScore":391},{"baseScore":397,"baseSeverity":9,"vectorString":398,"impactScore":9,"exploitabilityScore":9},6.3,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",[400,412],{"ecosystem":401,"name":402,"vendor":403,"product":402,"cpe_part":9,"purl_type":404,"purl_namespace":403,"purl_name":402,"source":9,"versions":405},"Debian","undertow","debian","deb",[406],{"version":407,"is_range":408,"range_type":409,"version_start":9,"version_start_type":9,"version_end":410,"version_end_type":411,"fixed_in":9},"lt2_3_18_1",true,"ecosystem","2.3.18-1","excluding",{"ecosystem":413,"name":414,"vendor":415,"product":416,"cpe_part":9,"purl_type":417,"purl_namespace":415,"purl_na
me":416,"source":9,"versions":418},"Maven","io.undertow:undertow-core","io.undertow","undertow-core","maven",[419,424],{"version":420,"is_range":408,"range_type":409,"version_start":421,"version_start_type":422,"version_end":423,"version_end_type":411,"fixed_in":9},"gte2_3_0_Alpha1_lt2_3_15_Final","2.3.0.Alpha1","including","2.3.15.Final",{"version":425,"is_range":408,"range_type":409,"version_start":9,"version_start_type":9,"version_end":426,"version_end_type":411,"fixed_in":9},"lt2_2_34_Final","2.2.34.Final"]