{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-3859","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2024-08-03T17:09:09.581Z","dateReserved":"2021-10-05T00:00:00.000Z","datePublished":"2022-08-26T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2022-12-02T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks."}],"affected":[{"vendor":"n/a","product":"undertow","versions":[{"version":"Fixed in 2.2.15.Final","status":"affected"}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010378"},{"url":"https://issues.redhat.com/browse/UNDERTOW-1979"},{"url":"https://github.com/undertow-io/undertow/pull/1296"},{"url":"https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2"},{"url":"https://access.redhat.com/security/cve/CVE-2021-3859"},{"url":"https://security.netapp.com/advisory/ntap-20221201-0004/"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-214 - Invocation of Process Using Visible Sensitive Information","cweId":"CWE-214"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:09:09.581Z"},"title":"CVE Program Container","references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010378","tags":["x_transferred"]},{"url":"https://issues.redhat.com/browse/UNDERTOW-1979","tags":["x_transferred"]},{"url":"https://github.com/undertow-io/undertow/pull/1296","tags":["x_transferred"]},{"url":"https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2","tags":["x_transferred"]},{"url":"https://access.redhat.com/security/cve/CVE-2021-3859","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20221201-0004/","tags":["x_transferred"]}]}]}}