Security Advisories

CVE-2023-34054

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2023-34054

Severity

7.5

High

CVSS V3

Summary

Reactor Netty HTTP Server denial of service vulnerability

Description

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-34054

Severity

Summary

Description

References

Affected packages

Product

Why Chainguard

Why Chainguard

Customers

Customers

Company

Company

Resources

Resources