GHSA-xjhv-p3fv-x24r: In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
- CVE-2023-34062
Severity: High. GitHub Reviewed. Published Nov 15, 2023 to the GitHub Advisory Database. Updated Nov 15, 2023.
Package
io.projectreactor.netty:reactor-netty-http (Maven)
Affected versions
>= 1.1.0, < 1.1.13
>= 1.0.0, < 1.0.39
Patched versions
1.1.13
1.0.39