Vulnerabilities > CVE-2023-34054 - Unspecified vulnerability in Pivotal Reactor Netty

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pivotal

NVD

Published: 2023-11-28

Updated: 2023-12-04

Summary

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

Vulnerable Configurations

Part	Description	Count
Application	Pivotal Pivotal Reactor Netty 1.1.0 Pivotal Reactor Netty 1.1.1 Pivotal Reactor Netty 1.1.2 Pivotal Reactor Netty 1.1.3 Pivotal Reactor Netty 1.1.4 Pivotal Reactor Netty 1.1.5 Pivotal Reactor Netty 1.1.6 Pivotal Reactor Netty 1.1.7 Pivotal Reactor Netty 1.1.8 Pivotal Reactor Netty 1.1.9 Pivotal Reactor Netty 1.1.10 Pivotal Reactor Netty 1.1.12 Pivotal Reactor Netty 0.5.1 Pivotal Reactor Netty 0.5.2 Pivotal Reactor Netty 0.6.0 Pivotal Reactor Netty 0.6.1 Pivotal Reactor Netty 0.6.2 Pivotal Reactor Netty 0.6.3 Pivotal Reactor Netty 0.6.4 Pivotal Reactor Netty 0.6.5 Pivotal Reactor Netty 0.6.6 Pivotal Reactor Netty 0.7.0 Pivotal Reactor Netty 0.7.1 Pivotal Reactor Netty 0.7.2 Pivotal Reactor Netty 0.7.3 Pivotal Reactor Netty 0.7.4 Pivotal Reactor Netty 0.7.5 Pivotal Reactor Netty 0.7.6 Pivotal Reactor Netty 0.7.7 Pivotal Reactor Netty 0.7.8 Pivotal Reactor Netty 0.7.9 Pivotal Reactor Netty 0.7.10 Pivotal Reactor Netty 0.7.11 Pivotal Reactor Netty 0.7.12 Pivotal Reactor Netty 0.7.13 Pivotal Reactor Netty 0.7.14 Pivotal Reactor Netty 0.7.15 Pivotal Reactor Netty 0.8.0 Pivotal Reactor Netty 0.8.1 Pivotal Reactor Netty 0.8.2 Pivotal Reactor Netty 0.8.3 Pivotal Reactor Netty 0.8.4 Pivotal Reactor Netty 0.8.5 Pivotal Reactor Netty 0.8.6 Pivotal Reactor Netty 0.8.7 Pivotal Reactor Netty 0.8.8 Pivotal Reactor Netty 0.8.9 Pivotal Reactor Netty 0.8.10 Pivotal Reactor Netty 0.8.11 Pivotal Reactor Netty 0.8.12 Pivotal Reactor Netty 0.8.13 Pivotal Reactor Netty 0.8.14 Pivotal Reactor Netty 0.8.15 Pivotal Reactor Netty 0.8.16 Pivotal Reactor Netty 0.9.0 Pivotal Reactor Netty 0.9.1 Pivotal Reactor Netty 0.9.2 Pivotal Reactor Netty 0.9.3 Pivotal Reactor Netty 0.9.4 Pivotal Reactor Netty 0.9.5 Pivotal Reactor Netty 0.9.6 Pivotal Reactor Netty 0.9.7 Pivotal Reactor Netty 0.9.8 Pivotal Reactor Netty 0.9.9 Pivotal Reactor Netty 0.9.10 Pivotal Reactor Netty 0.9.11 Pivotal Reactor Netty 0.9.12 Pivotal Reactor Netty 0.9.13 Pivotal Reactor Netty 0.9.14 Pivotal Reactor Netty 0.9.15 Pivotal Reactor Netty 0.9.16 Pivotal Reactor Netty 0.9.17 Pivotal Reactor Netty 0.9.18 Pivotal Reactor Netty 0.9.19 Pivotal Reactor Netty 0.9.20 Pivotal Reactor Netty 0.9.21 Pivotal Reactor Netty 0.9.22 Pivotal Reactor Netty 0.9.23 Pivotal Reactor Netty 0.9.24 Pivotal Reactor Netty 0.9.25 Pivotal Reactor Netty 1.0.0 Pivotal Reactor Netty 1.0.1 Pivotal Reactor Netty 1.0.2 Pivotal Reactor Netty 1.0.3 Pivotal Reactor Netty 1.0.4 Pivotal Reactor Netty 1.0.5 Pivotal Reactor Netty 1.0.6 Pivotal Reactor Netty 1.0.7 Pivotal Reactor Netty 1.0.8 Pivotal Reactor Netty 1.0.9 Pivotal Reactor Netty 1.0.10 Pivotal Reactor Netty 1.0.11 Pivotal Reactor Netty 1.0.12 Pivotal Reactor Netty 1.0.13 Pivotal Reactor Netty 1.0.14 Pivotal Reactor Netty 1.0.15 Pivotal Reactor Netty 1.0.16 Pivotal Reactor Netty 1.0.17 Pivotal Reactor Netty 1.0.18 Pivotal Reactor Netty 1.0.19 Pivotal Reactor Netty 1.0.20 Pivotal Reactor Netty 1.0.21 Pivotal Reactor Netty 1.0.22 Pivotal Reactor Netty 1.0.23 Pivotal Reactor Netty 1.0.24 Pivotal Reactor Netty 1.0.25 Pivotal Reactor Netty 1.0.26 Pivotal Reactor Netty 1.0.27 Pivotal Reactor Netty 1.0.28 Pivotal Reactor Netty 1.0.29 Pivotal Reactor Netty 1.0.30 Pivotal Reactor Netty 1.0.31 Pivotal Reactor Netty 1.0.32 Pivotal Reactor Netty 1.0.33 Pivotal Reactor Netty 1.0.34 Pivotal Reactor Netty 1.0.35 Pivotal Reactor Netty 1.0.36 Pivotal Reactor Netty 1.0.37 Pivotal Reactor Netty 1.0.38	140

References

https://spring.io/security/cve-2023-34054