Vulnerabilities > Pivotal > Reactor Netty > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-34054 Unspecified vulnerability in Pivotal Reactor Netty
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
network
low complexity
pivotal
7.5
2023-11-15 CVE-2023-34062 Path Traversal vulnerability in Pivotal Reactor Netty
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
network
low complexity
pivotal CWE-22
7.5
2020-03-03 CVE-2020-5403 Improper Handling of Exceptional Conditions vulnerability in Pivotal Reactor Netty 0.9.3/0.9.4
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.
network
low complexity
pivotal CWE-755
7.5
2019-10-17 CVE-2019-11284 Insufficiently Protected Credentials vulnerability in Pivotal Reactor Netty
Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones.
network
low complexity
pivotal CWE-522
8.6