Lucene search
+L

183 matches found

OSV
OSV
added 2023/11/15 12:30 p.m.3 views

GHSA-XJHV-P3FV-X24R In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

7.5CVSS7.1AI score0.01124EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/15 12:30 p.m.43 views

In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

7.5CVSS6.9AI score0.01124EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/15 9:46 a.m.17 views

CVE-2023-34062

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

7.5CVSS6.6AI score0.01124EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/15 9:46 a.m.28 views

CVE-2023-34062

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

7.5CVSS7.5AI score0.01124EPSS
Exploits0References1
OSV
OSV
added 2023/11/15 9:46 a.m.4 views

CVE-2023-34062

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

7.5CVSS7.4AI score0.01124EPSS
Exploits0References3
CVE
CVE
added 2023/11/15 9:46 a.m.1066 views

CVE-2023-34062

CVE-2023-34062 affects Reactor Netty HTTP Server. Versions 1.1.x prior to 1.1.13 and 1.0.x prior to 1.0.39 are vulnerable when the server is configured to serve static resources. A crafted URL can trigger a directory traversal (path traversal) vulnerability, allowing access to restricted files. T...

7.5CVSS7.2AI score0.01124EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2023/11/15 12:0 a.m.7 views

Directory Traversal in Reactor Netty HTTP Server

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

7.5CVSS7.1AI score0.01124EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.6 views

VMware Reactor Netty Path Traversal Vulnerability

VMware Reactor Netty is a US-based VMware company that provides non-blocking and backpressure-ready TCP/HTTP/UDP/QUIC clients and servers based on the Netty framework. A security vulnerability exists in VMware Reactor Netty versions 1.1.x prior to 1.1.13 and 1.0.x prior to 1.0.39, which originate...

7.5CVSS6.7AI score0.01124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.3 views

PT-2023-8190

Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP Server versions 1.0.x prior to 1.0.39 Reactor Netty HTTP Server versions 1.1.x prior to 1.1.13 Description The issue is related to incorrect restriction of directory path names, which can lead to a directory traversal attack...

7.8CVSS7.1AI score0.01124EPSS
Exploits0References9
Spring Security Advisories
Spring Security Advisories
added 2023/10/31 12:0 a.m.21 views

What new is coming in reactor-core 3.6.0?

Reactor 3.6.0 is coming and going to be GA on November 14. This blogpost describes new features that are included in this upcoming release! Virtual Threads support Today, everyone talks about Java 21 and Project Loom. The Project Reactor team hears that and sees value in that project within our...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/08/16 10:56 a.m.3 views

reactor-netty-http: Log request headers in some cases of invalid HTTP requests

A flaw was found in the Reactor Netty HTTP Server, which may log request headers in some cases of invalid HTTP requests. This could allow an attacker to access privileged information when WARN level logging is enabled...

4.3CVSS5.8AI score0.00604EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2023/06/20 12:0 a.m.18 views

This Week in Spring - June 20th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Sydney, Australia, talking to customers, koalas, kangaroos, and whoever else will listen! I'll be doing a live presentation, tonight at the Microsoft Reactor here in Sydney. Register now and come join me! As usual, we'...

7AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/04/11 12:0 a.m.13 views

This Week in Spring - April 11th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am in Amsterdam, Netherlands, preparing to speak at the Utrecht JUG tonight along with fellow Java Champion Trisha Gee. We're not speaking together, but instead it's a double header: she'll speak first, then...

6.7AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/04/04 12:0 a.m.20 views

This Week in Spring - April 4th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin? Me, I'm exhausted! It's been quite the odyssey trying to get to Devnexus, but I made it, eventually! If you're at Devnexus, check out this roundup of interesting and awesome talks from the Spring team and...

6.6AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/29 12:0 a.m.95 views

Context Propagation with Project Reactor 3 - Unified Bridging between Reactive and Imperative

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative We concluded the last article with the thought that Spring Cloud Sleuth’s MANUAL context propagation strategy is both performant and provides correct...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/29 12:0 a.m.29 views

Context Propagation with Project Reactor 3 - Unified Bridging between Reactive and Imperative

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative We concluded the last article with the thought that Spring Cloud Sleuth’s MANUAL context propagation strategy is both performant and provides correct...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/28 12:0 a.m.96 views

Context Propagation with Project Reactor 2 - The bumpy road of Spring Cloud Sleuth

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Cloud Sleuth recently became Micrometer Tracing, part of the Micrometer project. Most of the tracing instrumentation is centered within Micrometer und...

6.6AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/28 12:0 a.m.18 views

Context Propagation with Project Reactor 2 - The bumpy road of Spring Cloud Sleuth

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Cloud Sleuth recently became Micrometer Tracing, part of the Micrometer project. Most of the tracing instrumentation is centered within Micrometer und...

6.6AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/27 12:0 a.m.44 views

Context Propagation with Project Reactor 1 - The Basics

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative Spring Boot 3 and Spring Framework 6 brought us a unified and consistent way to enable Observability in applications that use Micrometer. The evolution from...

6.6AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/03/14 12:0 a.m.17 views

This Week in Spring - March 14th, 2023

Hi, Spring fans! Happy Pi π day! And, welcome to another installment of This Week in Spring! It's pouring cats and dogs here in San Francisco! The news is talking about atmospheric rivers; I don't know what that means but I don't know that I want to find out. Anyway, all that to say: I'm glad as...

7.9AI score
Exploits0
Rows per page
Query Builder