GHSA-frpp-8pwq-hjrx

Source
https://github.com/advisories/GHSA-frpp-8pwq-hjrx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-frpp-8pwq-hjrx/GHSA-frpp-8pwq-hjrx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-frpp-8pwq-hjrx
Aliases
  • CVE-2025-14969
Published
2026-01-26T21:30:36Z
Modified
2026-01-27T21:26:17.047051Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion
Details

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.

Database specific
{
    "cwe_ids": [
        "CWE-772"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2026-01-26T20:16:08Z",
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-27T21:05:43Z"
}
Affected packages

Maven / org.hibernate.reactive:hibernate-reactive-core

Package

Name
org.hibernate.reactive:hibernate-reactive-core
Purl
pkg:maven/org.hibernate.reactive/hibernate-reactive-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.2.1

Affected versions

1.*

1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Alpha5
1.0.0.Alpha6
1.0.0.Alpha7
1.0.0.Alpha8
1.0.0.Alpha9
1.0.0.Alpha10
1.0.0.Alpha11
1.0.0.Beta1
1.0.0.Beta2
1.0.0.Beta3
1.0.0.Beta4
1.0.0.CR1
1.0.0.CR2
1.0.0.CR3
1.0.0.CR4
1.0.0.CR5
1.0.0.CR6
1.0.0.CR7
1.0.0.CR8
1.0.0.CR9
1.0.0.CR10
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.1.0.Final
1.1.1.Final
1.1.2.Final
1.1.3.Final
1.1.4.Final
1.1.5.Beta2
1.1.5.Final
1.1.6.Final
1.1.7.Final
1.1.8.Final
1.1.9.Final

2.*

2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Beta1
2.0.0.Beta2
2.0.0.CR1
2.0.0.CR2
2.0.0.Final
2.0.1.Final
2.0.2.Final
2.0.3.Final
2.0.4.Final
2.0.5.Final
2.0.6.Final
2.0.7.Final
2.0.8.Final
2.1.0.Final
2.2.0.Final
2.2.1.Final
2.2.2.Final
2.3.0.CR1
2.3.0.Final
2.3.1.Final
2.4.0.CR1
2.4.0.Final
2.4.1.Final
2.4.2.Final
2.4.3.Final
2.4.4.Final
2.4.5.Final
2.4.6.Final
2.4.7.Final
2.4.8.Final
2.4.9.Final
2.4.10.Final
2.4.11.Final

3.*

3.0.0.Beta1
3.0.0.Beta2
3.0.0.Beta3
3.0.0.CR1
3.0.0.CR2
3.0.0.Final
3.0.1.Final
3.0.2.Final
3.0.3.Final
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.0.10.Final
3.0.11.Final
3.0.12.Final
3.1.0.CR1
3.1.0.CR2
3.1.0.Final
3.1.1.Final
3.1.2.Final
3.1.3.Final
3.1.4.Final
3.1.5.Final
3.1.6.Final
3.1.7.Final
3.1.8.Final
3.1.9.Final
3.1.10.Final
3.1.11.Final
3.1.12.Final
3.2.0.CR1
3.2.0.CR2
3.2.0.Final
3.2.1.Final

4.*

4.0.0.Beta1
4.0.0.Final
4.1.0.Final
4.1.1.Final
4.1.2.Final
4.1.3.Final
4.1.4.Final
4.1.5.Final
4.1.6.Final
4.1.7.Final
4.1.8.Final
4.1.9.Final
4.1.10.Final
4.2.0.CR1
4.2.0.CR2
4.2.0.Final

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-frpp-8pwq-hjrx/GHSA-frpp-8pwq-hjrx.json"