CVE-2022-21700

CVE-2022-21700 affects Micronaut core. The issue arises when an invalid Content-Type header is processed, causing a memory leak in DefaultArgumentConversionContext due to static state usage. Impact described as memory leak with potential degradation of availability. Patches exist in Micronaut 3.2...

CVE-2020-7611

CVE-2020-7611 affects io.micronaut:micronaut-http-client. Vulnerable versions: all before 1.2.11 and 1.3.0–1.3.1/2 (i.e., 1.3.1) are susceptible to HTTP Request Header Injection caused by not validating headers passed to the client. The issue can enable manipulation of request headers and, per ad...

CVE-2021-32769

Micronaut’s CVE-2021-32769 is a path-traversal vulnerability in versions before 2.5.9. Affected component is the Micronaut file/resource loader which allows access to filesystem paths via URL patterns like /../../ when not restricted to configured paths. Exploitation details are described across ...

CVE-2024-23639

Affected product: Micronaut Framework (micronaut-core). Vulnerability: Enabled but unsecured management endpoints allow drive-by localhost attacks when a malicious site issues HTTP requests to localhost, potentially bypassing CORS checks for some simple requests. Impact: Local development environ...

CVE-2026-33013

Summary of CVE-2026-33013 (Micronaut DoS via crafted form-urlencoded binding) : A flaw in Micronaut Framework (micronaut-json-core) allows remote attackers to cause a Denial of Service by sending crafted indexed form parameters that rely on descending array indices during form-urlencoded body bin...

CVE-2026-33012

CVE-2026-33012 affects the Micronaut Framework. Versions 4.7.0–4.10.16 use an unbounded ConcurrentHashMap cache in the DefaultHtmlErrorResponseBodyProvider with no eviction policy. If an exception message can be influenced by an attacker (e.g., via request query parameters), remote attackers coul...