GHSA-q24v-hpg3-v3jp

Source

https://github.com/advisories/GHSA-q24v-hpg3-v3jp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-q24v-hpg3-v3jp/GHSA-q24v-hpg3-v3jp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q24v-hpg3-v3jp

Aliases

CVE-2023-34054

Related

CGA-x2cw-f7rc-fw6v

Published

2023-11-28T09:30:27Z

Modified

2026-02-04T02:57:17.291193Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Reactor Netty HTTP Server denial of service vulnerability

Details

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-28T20:53:41Z",
    "cwe_ids": [],
    "nvd_published_at": "2023-11-28T09:15:07Z",
    "severity": "HIGH"
}

References

Affected packages

Maven / io.projectreactor.netty:reactor-netty-core

Package

Name: io.projectreactor.netty:reactor-netty-core; View open source insights on deps.dev
Purl: pkg:maven/io.projectreactor.netty/reactor-netty-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.13

Affected versions

1.*

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.1.10

1.1.11

1.1.12

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-q24v-hpg3-v3jp/GHSA-q24v-hpg3-v3jp.json"

Maven / io.projectreactor.netty:reactor-netty-core

Package

Name: io.projectreactor.netty:reactor-netty-core; View open source insights on deps.dev
Purl: pkg:maven/io.projectreactor.netty/reactor-netty-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.39

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.0.20

1.0.21

1.0.22

1.0.23

1.0.24

1.0.25

1.0.26

1.0.27

1.0.28

1.0.29

1.0.30

1.0.31

1.0.32

1.0.33

1.0.34

1.0.35

1.0.36

1.0.37

1.0.38

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-q24v-hpg3-v3jp/GHSA-q24v-hpg3-v3jp.json"