A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.undertow:undertow-core(Maven) | 0 | 2.0.21 | N/A |
CVSS Metrics
