CVE-2022-21700

CVE-2022-21700 affects Micronaut core. The issue arises when an invalid Content-Type header is processed, causing a memory leak in DefaultArgumentConversionContext due to static state usage. Impact described as memory leak with potential degradation of availability. Patches exist in Micronaut 3.2...

CVE-2020-7611

CVE-2020-7611 affects io.micronaut:micronaut-http-client. Vulnerable versions: all before 1.2.11 and 1.3.0–1.3.1/2 (i.e., 1.3.1) are susceptible to HTTP Request Header Injection caused by not validating headers passed to the client. The issue can enable manipulation of request headers and, per ad...

CVE-2021-32769

Micronaut’s CVE-2021-32769 is a path-traversal vulnerability in versions before 2.5.9. Affected component is the Micronaut file/resource loader which allows access to filesystem paths via URL patterns like /../../ when not restricted to configured paths. Exploitation details are described across ...

CVE-2024-23639

Affected product: Micronaut Framework (micronaut-core). Vulnerability: Enabled but unsecured management endpoints allow drive-by localhost attacks when a malicious site issues HTTP requests to localhost, potentially bypassing CORS checks for some simple requests. Impact: Local development environ...

CVE-2026-33013

Summary of CVE-2026-33013 (Micronaut DoS via crafted form-urlencoded binding) : A flaw in Micronaut Framework (micronaut-json-core) allows remote attackers to cause a Denial of Service by sending crafted indexed form parameters that rely on descending array indices during form-urlencoded body bin...