4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
The Reactor Netty 1.0.24 release on October 11 included fix for CVE-2022-31684 affecting Reactor Netty HTTP Server.
Users are encouraged to update as soon as possible.
Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient.
If you have a Spring Boot application, you can upgrade to Reactor BOM 2020.0.24.