Description
Vulnerable Library - undertow-core-2.3.18.Final.jar
Library home page: http://www.jboss.org
Path to dependency file: /dgrv4_Entity_lib/build.gradle
Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/io.undertow/undertow-core/2.3.18.Final/981cd13a9f0a626c9365a83d7f8ce1e932d5e4de/undertow-core-2.3.18.Final.jar
Vulnerabilities
Vulnerability | Severity | Dependency | Type | Fixed in (undertow-core version) | Remediation Possible**
---|---|---|---|---|---
CVE-2025-9784 | 7.5 | undertow-core-2.3.18.Final.jar | Direct | N/A | ❌
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2025-9784
Dependency Hierarchy:
- ❌ undertow-core-2.3.18.Final.jar (Vulnerable Library)
Found in base branch: main
Vulnerability Details
A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulation of the argument current_folder results in path traversal. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Mend Note: The description of this vulnerability differs from MITRE.
Publish Date: 2025-09-02
URL: CVE-2025-9784
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High