CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

All Vulnerability Reports

**CVE-2020-5403: DoS Via Malformed URL with Reactor Netty HTTP Server**  
**Severity**

Medium

**Vendor**

Pivotal

**Description**

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

**Affected VMware Products and Versions**

Severity is medium unless otherwise noted.

*   Reactor Netty
    *   0.9.3
    *   0.9.4

**Mitigation**

Users of affected versions should upgrade to 0.9.5 (reactor-bom Dysprosium SR-5). No other steps are necessary.

*   Reactor Netty
    *   0.9.5

**Credit**

This issue was identified and responsibly reported by Wojciech Kuranowski.

**References**

*   https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

**History**

2020-02-27: Initial vulnerability report published.

Headline

CVE-2020-5403: CVE-2020-5403 | Security

CVE: Latest News