GHSA-q24v-hpg3-v3jp

Source
https://github.com/advisories/GHSA-q24v-hpg3-v3jp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-q24v-hpg3-v3jp/GHSA-q24v-hpg3-v3jp.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-q24v-hpg3-v3jp
Aliases
  • CVE-2023-34054
Related
Published
2023-11-28T09:30:27Z
Modified
2024-12-06T05:34:24.611975Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Reactor Netty HTTP Server denial of service vulnerability
Details

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable if the Reactor Netty HTTP Server's built-in integration with Micrometer is enabled.

Database specific
{
    "nvd_published_at": "2023-11-28T09:15:07Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-28T20:53:41Z"
}
References

Affected packages

Maven / io.projectreactor.netty:reactor-netty-core

Package

Name
io.projectreactor.netty:reactor-netty-core
Purl
pkg:maven/io.projectreactor.netty/reactor-netty-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.0
Fixed
1.1.13

Affected versions

1.*

1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12

Maven / io.projectreactor.netty:reactor-netty-core

Package

Name
io.projectreactor.netty:reactor-netty-core
Purl
pkg:maven/io.projectreactor.netty/reactor-netty-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.39

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38