Vulnerability Details CVE-2023-34062
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.8%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2023-34062
- cpe:2.3:a:pivotal:reactor_netty:1.0.0
- cpe:2.3:a:pivotal:reactor_netty:1.0.1
- cpe:2.3:a:pivotal:reactor_netty:1.0.10
- cpe:2.3:a:pivotal:reactor_netty:1.0.11
- cpe:2.3:a:pivotal:reactor_netty:1.0.12
- cpe:2.3:a:pivotal:reactor_netty:1.0.13
- cpe:2.3:a:pivotal:reactor_netty:1.0.14
- cpe:2.3:a:pivotal:reactor_netty:1.0.15
- cpe:2.3:a:pivotal:reactor_netty:1.0.16
- cpe:2.3:a:pivotal:reactor_netty:1.0.17
- cpe:2.3:a:pivotal:reactor_netty:1.0.18
- cpe:2.3:a:pivotal:reactor_netty:1.0.19
- cpe:2.3:a:pivotal:reactor_netty:1.0.2
- cpe:2.3:a:pivotal:reactor_netty:1.0.20
- cpe:2.3:a:pivotal:reactor_netty:1.0.21
- cpe:2.3:a:pivotal:reactor_netty:1.0.22
- cpe:2.3:a:pivotal:reactor_netty:1.0.23
- cpe:2.3:a:pivotal:reactor_netty:1.0.24
- cpe:2.3:a:pivotal:reactor_netty:1.0.25
- cpe:2.3:a:pivotal:reactor_netty:1.0.26
- cpe:2.3:a:pivotal:reactor_netty:1.0.27
- cpe:2.3:a:pivotal:reactor_netty:1.0.28
- cpe:2.3:a:pivotal:reactor_netty:1.0.29
- cpe:2.3:a:pivotal:reactor_netty:1.0.3
- cpe:2.3:a:pivotal:reactor_netty:1.0.30
- cpe:2.3:a:pivotal:reactor_netty:1.0.31
- cpe:2.3:a:pivotal:reactor_netty:1.0.32
- cpe:2.3:a:pivotal:reactor_netty:1.0.33
- cpe:2.3:a:pivotal:reactor_netty:1.0.34
- cpe:2.3:a:pivotal:reactor_netty:1.0.35
- cpe:2.3:a:pivotal:reactor_netty:1.0.36
- cpe:2.3:a:pivotal:reactor_netty:1.0.37
- cpe:2.3:a:pivotal:reactor_netty:1.0.38
- cpe:2.3:a:pivotal:reactor_netty:1.0.4
- cpe:2.3:a:pivotal:reactor_netty:1.0.5
- cpe:2.3:a:pivotal:reactor_netty:1.0.6
- cpe:2.3:a:pivotal:reactor_netty:1.0.7
- cpe:2.3:a:pivotal:reactor_netty:1.0.8
- cpe:2.3:a:pivotal:reactor_netty:1.0.9
- cpe:2.3:a:pivotal:reactor_netty:1.1.0
- cpe:2.3:a:pivotal:reactor_netty:1.1.1
- cpe:2.3:a:pivotal:reactor_netty:1.1.10
- cpe:2.3:a:pivotal:reactor_netty:1.1.12
- cpe:2.3:a:pivotal:reactor_netty:1.1.2
- cpe:2.3:a:pivotal:reactor_netty:1.1.3
- cpe:2.3:a:pivotal:reactor_netty:1.1.4
- cpe:2.3:a:pivotal:reactor_netty:1.1.5
- cpe:2.3:a:pivotal:reactor_netty:1.1.6
- cpe:2.3:a:pivotal:reactor_netty:1.1.7
- cpe:2.3:a:pivotal:reactor_netty:1.1.8
- cpe:2.3:a:pivotal:reactor_netty:1.1.9