Bug#930349: undertow: CVE-2019-3888: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 11 07:16:42 BST 2019
Source: undertow
Version: 1.4.25-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/undertow-io/undertow/pull/736
Hi,
The following vulnerability was published for undertow.
CVE-2019-3888[0]:
leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-3888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3888
[1] https://github.com/undertow-io/undertow/pull/736
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list