CVE-2023-34054 Information

Description

In Reactor Netty HTTP Server versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39 it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.

Reference

https://spring.io/security/cve-2023-34054