
Andrew Marinchuk

#37832 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2022-10597
7.5
2022-07-15
Undertow · Undertow · CVE-2021-3690
**Name of the Vulnerable Software and Affected Versions**

Undertow versions prior to 2.0.40
Undertow versions prior to 2.2.10

**Description**

A flaw was found in Undertow, where a buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion, allowing an attacker to cause a denial of service. The highest threat from this issue is availability.

**Recommendations**

For Undertow versions prior to 2.0.40, update to version 2.0.40 or later to resolve the issue. For Undertow versions prior to 2.2.10, update to version 2.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to WebSocket PONG messages to minimize the risk of exploitation.