Security
Headlines

Headlines Latest CVEs

Headline

GHSA-j382-5jj3-vw4j: Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

1 day ago

#git #java #intel #perl #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-12543

Undertow HTTP server core doesn’t properly validate the Host header in incoming HTTP requests

Critical severity GitHub Reviewed Published Jan 7, 2026 to the GitHub Advisory Database • Updated Jan 8, 2026

Package

maven io.undertow:undertow-core (Maven)

Affected versions

<= 2.4.0.Alpha1

Description

Published to the GitHub Advisory Database

Jan 7, 2026

EPSS score

ghsa: Latest News

GHSA-fg6f-75jq-6523: Authlib has 1-click Account Takeover vulnerability

17 hours ago

GHSA-pc9j-5v36-2mww: AWS SDK for Swift adopted defense in depth enhancement for region parameter value

18 hours ago

GHSA-j965-2qgj-vjmq: JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3

18 hours ago

GHSA-6475-r3vj-m8vf: AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

18 hours ago

GHSA-mcmc-2m55-j8jj: vLLM introduced enhanced protection for CVE-2025-62164

18 hours ago