Directory Traversal Vulnerability in Reactor Netty HTTP Server by Pivotal Software
CVE-2023-34062
7.5HIGH
What is CVE-2023-34062?
A vulnerability has been identified in the Reactor Netty HTTP Server which can be exploited by a malicious user through specially crafted URLs. If the server is configured to serve static resources, it may be susceptible to directory traversal attacks. This enables attackers to potentially access sensitive directories and files beyond the intended resource paths, jeopardizing application security.
Affected Version(s)
Reactor Netty 1.1.0 < 1.1.13
Reactor Netty 1.0.0 < 1.0.39
Reactor Netty older unsupported versions
