#VU84037 Path traversal in Reactor Netty - CVE-2023-34062

 


Published: December 11, 2023


Vulnerability identifier: #VU84037
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-34062
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Reactor Netty
Software vendor: Pivotal

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Successful exploitation of the vulnerability requires that Reactor Netty HTTP Server is configured to serve static resources.


Remediation

Install the update from the vendor's website.
