Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Is CVE-2022-1319 reintroduced in 2.2.19?

23 views
Skip to first unread message

IB

unread,
Sep 10, 2022, 6:46:46 AM9/10/22
to Undertow Dev
Hey,

I believe CVE-2022-1319 was resolved in 2.2.18 based on the release notes (and  UNDERTOW-2060) but this NIST entry says that 2.2.19 is also vulnerable. Is the NIST entry correct?

Many Thanks

Flavia Rainone

unread,
Oct 17, 2022, 4:05:21 PM10/17/22
to Undertow Dev

Hi! The NIST is incorrect. The fix was not reverted since it was merged. So, it is included on 2.2.18.Final onwards, whatever the version number might be.

Thanks
Flavia
Reply all
Reply to author
Forward
0 new messages