CVE-2023-34054

Summary

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

Affected Software

VendorProductVersion RangeStatus
SpringReactor Netty1.1.0 < 1.1.13affected
SpringReactor Netty1.0.0 < 1.0.39affected
SpringReactor Nettyolder unsupported versionsaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References