CVE-2023-34062
ADVISORY - githubSummary
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
EPSS Score: 0.01851 (0.827)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADVISORY - github
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADVISORY - gitlab
ADVISORY - redhat
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-34062
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-xjhv-p3fv-x24r
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-34062
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-4r93-7667-fvxw
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-fg7r-755x-xwjw
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-w9fh-6r6w-f7rr
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-