-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.undertow:undertow-core | maven | < 2.0.40 | 2.0.40 |
| io.undertow:undertow-core | maven | >= 2.2.0, < 2.2.10 | 2.2.10 |
Miggo AIRoot Cause AnalysisThe GitHub patch shows a critical addition of buffer.free() in FrameHandler.java's run() method. This matches the vulnerability description of a buffer leak in PONG message handling. The CWE-401 (Missing Memory Release) directly corresponds to the missing free() call in the unpatched code path for PONG messages. The code context indicates this was the only missing resource cleanup point related to WebSocket PONG frames.
JavaJavaOngoing coverage of React2Shell