CVE-2023-34062 Information

Description

In Reactor Netty HTTP Server versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39 a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Specifically an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.

Reference

https://spring.io/security/cve-2023-34062