All vulnerabilities
CVE-2023-34062
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
Description
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
Severity
Ecosystem
Java
Publish Date
November 15, 2023
Modified Date
April 26, 2024
Score Vector
Affected Versions
