Bump io.undertow:undertow-core from 2.0.9.Final to 2.3.20.Final by dependabot[bot] · Pull Request #106 · jvlstuff/JavaVulnerableLab_for_AST

dependabot · 2025-11-12T17:16:53Z

Bumps io.undertow:undertow-core from 2.0.9.Final to 2.3.20.Final.

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.20.Final

Release 2.3.20.Final fixes CVE-2025-9784 Full list of issues: view in Jira
    Release Notes - Undertow - Version 2.3.20.Final
v.2.3.19.Final

Release 2.3.19.Final fixes CVE-2024-4109 Full list of issues: view in Jira
    Release Notes - Undertow - Version 2.3.19.Final

... (truncated)

Commits

5e6c73d Prepare 2.3.20.Final
967ec02 Merge pull request #1803 from fl4via/backport-fixes_2.3.x
2448f7a [UNDERTOW-2598] Replace the delayed cleaning algorithm in DirectByteBufferDea...
e7c28ac Merge pull request #1802 from fl4via/backport-fixes_2.3.x
39fcfbe [UNDERTOW-2598] CVE-2025-9784 At AbstractFramedStreamSinkChannel, safeguard a...
1d013b2 [UNDERTOW-2598] CVE-2025-9784 Add a delay in the actual direct byte buffer de...
afbd244 [UNDERTOW-2598] CVE-2025-9784 Prevent the dispatch of an exchange if the conn...
4610806 [UNDERTOW-2598] CVE-2025-9784 Prevent a MadeYouReset HTTP2 attack by sending ...
c5a9817 [UNDERTOW-2235] Properly handle non servlet methods dispatched as error into ...
5756047 [UNDERTOW-2604] fix potential NPE from alternate ctor
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [io.undertow:undertow-core](https://github.com/undertow-io/undertow) from 2.0.9.Final to 2.3.20.Final. - [Release notes](https://github.com/undertow-io/undertow/releases) - [Commits](undertow-io/undertow@2.0.9.Final...2.3.20.Final) --- updated-dependencies: - dependency-name: io.undertow:undertow-core dependency-version: 2.3.20.Final dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

juegge · 2025-11-12T17:19:08Z

Checkmarx One – Scan Summary & Details – 12b78795-519f-42f1-9b01-69c6b371c9d8

New Issues (62)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2025-48989	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	details Recommended version: 9.0.108 Description: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache... Attack Vector: NETWORK Attack Complexity: LOW `ID: Ojt1aityLOpLahug8yu7OPtAhPzZfDi2%2FMGG06ASBeU%3D` Vulnerable Package
CVE-2025-52434	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	details Recommended version: 9.0.108 Description: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Nativ... Attack Vector: NETWORK Attack Complexity: LOW `ID: Ri0A81y9osZMlNMwGpEcz5CgGMS9cAzg7Rx4rlCbG0Y%3D` Vulnerable Package
CVE-2025-53506	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	details Recommended version: 9.0.108 Description: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces th... Attack Vector: NETWORK Attack Complexity: LOW `ID: bVdlj%2BlmMLLk72f0p2blAHOGMUE34OEyvt7N0PaOCD8%3D` Vulnerable Package
Remote Desktop Port Open To Internet	/AJP_Open_Port.tf: 6	details The Remote Desktop port is open to the internet in a Security Group `ID: n184d2i0e3AlwvbL%2FJBiRl9dy8w%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: EjIoP0v538k%2FaZVHooXZdn2ep%2FY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 4jvbRU%2B72arEhXpjysba1yuwPlE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: RJTMJZflR3g%2BN5dl0QPDbWo2HD8%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: RW%2BvMIohdId6RkgndlmPNV60AhU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: Ml3z%2FsF5q3c2neurJEgtCi%2BJ2Fs%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 9Tw3S2US2VIYaL8UuaKMS%2BcvM%2FY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 8sjFNQHwpPdSyZrOKlINCwIPy7c%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: rp%2BMtYbW9pkxDZa130o3pnSTLQM%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: Ho1WKMVs%2FpEMty%2Bi5j17qjsA9JU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 4hn2t8Pkae3OpZNm7CQ%2Fyr6y5wo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: VEfFRpRMjj%2FsEt5Cr8AvCrg%2BKgQ%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: ci%2FrmVz87oBdbVoBWnx%2B0odzhXY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: OuV1uNkwJurDpbYae7ld2SHPj%2BY%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 7rnBvlakHbl6xJShMnz%2Br7n803E%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: KVvlYBJ79MzapIUbLBPFfONDV%2Bs%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 0xHCc%2FlMirk%2B27gimL1k5RqU5pE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: FTamKnTqBlQ30pRaFB0SfKPVZxc%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: JWq4Lixv30GsuJeJ4mY0f1FUE2c%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: n4%2BpBjOefWE8ZBzL4%2BdidF%2FdFog%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: J2LXKQcLMuER0gg1yfDs3D7UXnI%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: CznX86T%2BSOFnBx%2BxPqAH2ogFbdg%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: snfE0BtC0HONM9I%2FeFWWA3nisWs%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: zuFnUa91eanZsIyydkvgtAHWL5I%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: OoFQ%2FJheoT2e8ILiEpHuoqggoJM%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 2vnxR%2B6jBBEsaUSpED6znAvCNsU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 8OxgpW8oGXG%2FU3KFYb1sdWtoHhI%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 9xpyyKkXXB%2FrZjfqdnbkSC3FECU%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: lo%2FvWvaQG3GF7wr7e%2F8MOejGUfo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: jjrdipl8x2qejIcEqs84XWw7uDg%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: V58KhwRv3TmRIN4OFsvWQvkwPtQ%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: SiAXHgRFmSnJM2NsYYpHUsdSjQ0%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: XKHvGYlUie1KOLRkbhAPbx3RYQE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: 2Zx3v1MgE2E6flIPX9aDpcmFAUo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: UR7uKd5rxUUhYsIJw1f8Gce%2FyHc%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: cCF%2BttQ6mvoNLCEEL30H0wUzyWo%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: %2Fvg8OaLX1HpYHNefS1ttUzc64mM%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: idBPp7JFC90S8MpnJPd89G5EZn8%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: bGJpV6Wb%2BTVWqqCRwiBoesm46Hg%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: hkR%2BDU3C%2FfmgoJtUPRNP45HgA5k%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: iXa0eR39ts06knLRgTcr4EI8I64%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: dCGzrXvWHUL7Q%2BwP3wg0Sb0mufw%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: VLCBYTBXGh04DCN8NyKsPyI7skE%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: Igu3R7B7s49NoGrMOK2diIGlfmQ%3D`
Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6	details A sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol `ID: ReatByiMlBBN%2FRB7SJibAZ4%2FHVQ%3D`
Unknown Port Exposed To Internet	/AJP_Open_Port.tf: 6	details AWS Security Group should not have an unknown port exposed to the entire Internet `ID: 9QBYw83goqJ9FNoz%2FtuSFg9uWyk%3D`
Unrestricted Security Group Ingress	/AJP_Open_Port.tf: 11	details Security groups allow ingress from 0.0.0.0:0 and/or ::/0 `ID: tnUQtBqKQd3Dhbcn73FlAoNETco%3D`
ELBv2 LB Access Log Disabled	/infrostructure.tf: 3	details ELBv2 LBs should have access log enabled to capture detailed information about requests sent to your load balancer. `ID: ATLpu3HKcTF0wxtbrMLsM7PWgsE%3D`
HTTP Port Open To Internet	/AJP_Open_Port.tf: 6	details The HTTP port is open to the internet in a Security Group `ID: JcqtLegvYMi7izvMhDt4bjVprnE%3D`
Parameter_Tampering	/src/main/webapp/vulnerability/Injection/orm.jsp: 50	details Method orm at line 50 of /src/main/webapp/vulnerability/Injection/orm.jsp gets user input from element ""id"". This input is later concatenated b... `ID: uvMzA73OHQXOrDzE0GZJ1WsHu8Y%3D` Attack Vector
SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible	/AJP_Open_Port.tf: 6	details Check if port 2383 on TCP is publicly accessible by checking the CIDR block range that can access it. `ID: K75jRH6kh9Jqn3zlVWY8b55y72o%3D`
Security Group With Unrestricted Access To SSH	/AJP_Open_Port.tf: 6	details 'SSH' (TCP:22) should not be public in AWS Security Group `ID: xCAFPTB%2Fj%2Fdm71bPUcBz66F8AVQ%3D`
AWS EIP not attached to any instance	/infrostructure.tf: 51	details Unattached EIPs from EC2 instances should be disabled to allow us to maintain better control, efficiency, and visibility over the network traffic a... `ID: RrL20vr7huTaSyxpphyL9e9j808%3D`
Instance Uses Metadata Service IMDSv1	/infrostructure.tf: 34	details Instance metadata can be accessed with both IMDSv1 or IMDSv2. Although, IMDSv2 service is a session-oriented service, granting additional protect... `ID: Dc0MuVyjMGGkpOvdpI1tGJ5nlRk%3D`
Lambda Function Without Dead Letter Queue	/lambda.tf: 12	details AWS Lambda Function should be configured for a Dead Letter Queue(DLQ) `ID: cf7U1lHvzVaLPvcxkajrgMhCWw8%3D`
S3 bucket notifications disabled	/Unsecure_Sensitive_data.tf: 1	details S3 bucket notifications provide alerts triggered when certain operations are performed, which might be a helpful indicator for detecting unintended... `ID: coaSxCN4Wke4W8io9gi7r9O4sqk%3D`
S3 bucket notifications disabled	/sqs.tf: 1	details S3 bucket notifications provide alerts triggered when certain operations are performed, which might be a helpful indicator for detecting unintended... `ID: NKyEokEUCn0iUyHX%2FLEZFEWmz8w%3D`
S3 bucket notifications disabled	/lambda.tf: 12	details S3 bucket notifications provide alerts triggered when certain operations are performed, which might be a helpful indicator for detecting unintended... `ID: nKPJ%2FCXIZ0rpy5rfabfSd3WSwtU%3D`
Tags Not Copied to RDS Cluster Snapshot	/rds.tf: 1	details Tags of the RDS Cluster should be copied to the respective snapshots to ensure that snapshots retain important metadata for identification, cost al... `ID: 61gcNFz8ILbm4zNLWY2lDjRthts%3D`

Fixed Issues (84)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~CVE-2019-3888~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2020-1745~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2020-10705~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2020-1757~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2020-27782~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2021-3690~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2021-3859~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2022-0084~~	Maven-org.jboss.xnio:xnio-api-3.3.8.Final
	~~CVE-2022-1319~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2022-2053~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2022-4492~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2023-1108~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2023-1973~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2023-3223~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2023-4639~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2023-5379~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2023-5685~~	Maven-org.jboss.xnio:xnio-api-3.3.8.Final
	~~CVE-2024-1635~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2024-5971~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2024-6162~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2024-7885~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~Remote Desktop Port Open To Internet~~	/AJP_Open_Port.tf: 1
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Sensitive Port Is Exposed To Entire Network~~	/AJP_Open_Port.tf: 6
	~~Unknown Port Exposed To Internet~~	/AJP_Open_Port.tf: 11
	~~Unrestricted Security Group Ingress~~	/AJP_Open_Port.tf: 11
	~~CVE-2020-10687~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2020-10719~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2020-14340~~	Maven-org.jboss.xnio:xnio-nio-3.3.8.Final
	~~CVE-2021-20220~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2021-3597~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2021-3629~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2022-2764~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2024-1459~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~CVE-2024-3653~~	Maven-io.undertow:undertow-core-2.0.9.Final
	~~HTTP Port Open To Internet~~	/AJP_Open_Port.tf: 1
	~~HttpOnly_Cookie_Flag_Not_Set~~	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 59
	~~HttpOnly_Cookie_Flag_Not_Set~~	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 63
	~~HttpOnly_Cookie_Flag_Not_Set~~	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 64
	~~HttpOnly_Cookie_Flag_Not_Set~~	/src/main/webapp/admin/adminlogin.jsp: 27
	~~SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible~~	/AJP_Open_Port.tf: 6
	~~Security Group With Unrestricted Access To SSH~~	/AJP_Open_Port.tf: 11

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

dependabot · 2026-01-21T15:23:03Z

Superseded by #108.

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Nov 12, 2025

dependabot Bot closed this Jan 21, 2026

dependabot Bot deleted the dependabot/maven/io.undertow-undertow-core-2.3.20.Final branch January 21, 2026 15:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump io.undertow:undertow-core from 2.0.9.Final to 2.3.20.Final#106

Bump io.undertow:undertow-core from 2.0.9.Final to 2.3.20.Final#106
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/io.undertow-undertow-core-2.3.20.Final

dependabot Bot commented on behalf of github Nov 12, 2025

Uh oh!

juegge commented Nov 12, 2025 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Jan 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Nov 12, 2025

v2.3.20.Final

v.2.3.19.Final

Uh oh!

juegge commented Nov 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot Bot commented on behalf of github Jan 21, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

juegge commented Nov 12, 2025 •

edited

Loading