Directory Traversal Vulnerability in Reactor Netty HTTP Server by Pivotal Software
CVE-2023-34062

7.5 HIGH

Key Information:

Vendor: Pivotal
CVE Published: 15 November 2023

What is CVE-2023-34062?

A vulnerability has been identified in the Reactor Netty HTTP Server which can be exploited by a malicious user through specially crafted URLs. If the server is configured to serve static resources, it may be susceptible to directory traversal attacks. This enables attackers to potentially access sensitive directories and files beyond the intended resource paths, jeopardizing application security.

Affected Version(s)

Reactor Netty 1.1.0 < 1.1.13

Reactor Netty 1.0.0 < 1.0.39

Reactor Netty older unsupported versions

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
