Lucene search

GitHub Advisory DatabaseGHSA-HP5X-RQF7-43VF

HistoryFeb 10, 2022 - 8:24 p.m.

Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty

2022-02-1020:24:21

CWE-20

CWE-755

GitHub Advisory Database

github.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.5%

JSON

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.

CPENameOperatorVersion
io.projectreactor.netty:reactor-netty-httple0.9.4

CPE	Name	Operator	Version
	io.projectreactor.netty:reactor-netty-http	le	0.9.4

References

github.com/advisories/GHSA-hp5x-rqf7-43vf

nvd.nist.gov/vuln/detail/CVE-2020-5403

pivotal.io/security/cve-2020-5403

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.5%

JSON

Related for GHSA-HP5X-RQF7-43VF