Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-q24v-hpg3-v3jp: Reactor Netty HTTP Server denial of service vulnerability

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

ghsa
#vulnerability#dos#git#java#maven

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-34054

Reactor Netty HTTP Server denial of service vulnerability

Moderate severity GitHub Reviewed Published Nov 28, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

Package

maven io.projectreactor.netty:reactor-netty-http (Maven)

Affected versions

>= 1.1.0, < 1.1.13

>= 1.0.0, < 1.0.39

Patched versions

1.1.13

1.0.39

Description

Published to the GitHub Advisory Database

Nov 28, 2023

Last updated

Nov 28, 2023

Related news

CVE-2023-34054: CVE-2023-34054: Reactor Netty HTTP Server Metrics DoS Vulnerability

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.