High severityNVD Advisory· Published Nov 28, 2023· Updated Aug 2, 2024
Reactor Netty HTTP Server Metrics DoS Vulnerability
CVE-2023-34054
Description
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.projectreactor.netty:reactor-netty-coreMaven | >= 1.1.0, < 1.1.13 | 1.1.13 |
io.projectreactor.netty:reactor-netty-coreMaven | >= 1.0.0, < 1.0.39 | 1.0.39 |
Affected products
7- osv-coords6 versionspkg:apk/chainguard/elasticsearch-8pkg:apk/chainguard/elasticsearch-8-bitnamipkg:apk/chainguard/elasticsearch-8-configpkg:apk/chainguard/elasticsearch-8-iamguardedpkg:apk/chainguard/elasticsearch-configpkg:maven/io.projectreactor.netty/reactor-netty-core
< 8.12.1-r0+ 5 more
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: < 8.12.1-r0
- (no CPE)range: >= 1.1.0, < 1.1.13
- Spring/Reactor Nettyv5Range: 1.1.0
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-q24v-hpg3-v3jpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-34054ghsaADVISORY
- github.com/reactor/reactor-netty/commit/37dc8a2ef6514cd7834e75e7f3faf0b9ea044c88ghsaWEB
- github.com/reactor/reactor-netty/commit/4ddbb1b9b985bb72290110ebae468a54e7f19420ghsaWEB
- github.com/reactor/reactor-netty/commit/ae82154e99e6f51f4816effd135f0c3a966d6ea3ghsaWEB
- github.com/reactor/reactor-netty/releases/tag/v1.0.39ghsaWEB
- github.com/reactor/reactor-netty/releases/tag/v1.1.13ghsaWEB
- spring.io/security/cve-2023-34054ghsaWEB
News mentions
0No linked articles in our index yet.