DEBIAN-CVE-2019-10184

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2019-10184

Published: 25 Jul 2019, 21:15

Last modified:28 Apr 2026, 20:19

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Jul 2019, 21:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:19

Last Modified

Vulnerability information updated

Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Systems

debian•undertow
< 2.0.23-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2019-10184