CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34054 – Reactor Netty HTTP Server Metrics DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-34054
28 Nov 2023 — In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, es posible que un usuario proporcione solicitudes HTTP especialmente... • https://spring.io/security/cve-2023-34054 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5403 – DoS Via Malformed URL with Reactor Netty HTTP Server
https://notcve.org/view.php?id=CVE-2020-5403
03 Mar 2020 — Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. Reactor Netty HttpServer, versiones 0.9.3 y 0.9.4, está expuesto a una URISyntaxException que causa que la conexión sea cerrada prematuramente en lugar de producir una respuesta 400. • https://pivotal.io/security/cve-2020-5403 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5404 – Authentication Leak On Redirect With Reactor Netty HttpClient
https://notcve.org/view.php?id=CVE-2020-5404
03 Mar 2020 — The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. El HttpClient del Reactor Netty, versiones 0.9.x anteriores a 0.9.5, y versiones 0.8.x anteriores a 0.8.16, puede ser usado incorrectamente, conllevando a un filtrado de credenciales durante un redireccionamiento... • https://pivotal.io/security/cve-2020-5404 • CWE-522: Insufficiently Protected Credentials •