VDB
EN
HIGH 7.5

GHSA-387m-935m-c4vw

Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS

상세

The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack.

### Patches

The following versions are patched:

- For Micronaut 5, versions equal or greater than [5.0.1](https://github.com/micronaut-projects/micronaut-core/releases/v5.0.1) >= - For Micronaut 4, versions equal or greater than [4.10.24](https://github.com/micronaut-projects/micronaut-core/releases/v4.10.24) >= - For Micronaut 3, versions equal or greater than [3.10.7](https://github.com/micronaut-projects/micronaut-core/releases/v3.10.7) >=

### Workarounds No

### Resources Micronaut 5 Patch: https://github.com/micronaut-projects/micronaut-core/commit/6e88a972718d6e1521c5b3bb7766451798dba4e3 Micronaut 4 Patch: https://github.com/micronaut-projects/micronaut-core/commit/f1dffffec8fb5e3b7e94ae907ce0be3831e499d4 Micronaut 3 Patch: https://github.com/micronaut-projects/micronaut-core/commit/c06a2715ca7f78321bc3ca05f41cca78cd351320

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Maven / io.micronaut:micronaut-http-client
최초 영향 버전: 0 수정 버전: 3.10.7
수정 # pom.xml: bump <version>3.10.7</version> for io.micronaut:micronaut-http-client
Maven / io.micronaut:micronaut-http-client
최초 영향 버전: 4.0.0-M1 수정 버전: 4.10.24
수정 # pom.xml: bump <version>4.10.24</version> for io.micronaut:micronaut-http-client
Maven / io.micronaut:micronaut-http-client
최초 영향 버전: 5.0.0-M1 수정 버전: 5.0.1
수정 # pom.xml: bump <version>5.0.1</version> for io.micronaut:micronaut-http-client

참고