CVE-2018-1114: Uncontrolled Resource Consumption

September 11, 2018 (updated October 9, 2019)

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.

References

nvd.nist.gov/vuln/detail/CVE-2018-1114

Code Behaviors & Features

Detect and mitigate CVE-2018-1114 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →