CVE-2023-34062

Published: 15/11/2023 Updated: 21/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In Reactor Netty HTTP Server, versions 1.1.x before 1.1.13 and versions 1.0.x before 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.

Vulnerable Product

pivotal reactor netty

Vendor Advisories

Description: A flaw was found in the Reactor Netty HTTP Server. If the server is configured to serve static resources, an attacker can use a specially crafted URL that may allow unauthorized access to privileged data on the server.

Github Repositories

Playing around with a tool for updating POM dependencies

pombump: Programmatically manipulate Maven (pom.xml) dependencies. Overview: For easier patchability, add ways to selectively bump versions for dependencies. The idea is just like gobump but for Java. Usage: The idea is that there are some patches that should be applied to the upstream pom.xml file. You can specify these via --dependencies flag, or via --patch-file. You can also u
