GHSA-387m-935m-c4vw
Micronaut doesn't set a maximum redirect count for its HTTP Client, enabling infinite loop DoS
상세
The Netty-based Micronaut HTTP Client does not impose a limit on HTTP redirections, potentially allowing an infinite redirect loop that could lead to a denial-of-service attack.
### Patches
The following versions are patched:
- For Micronaut 5, versions equal or greater than [5.0.1](https://github.com/micronaut-projects/micronaut-core/releases/v5.0.1) >= - For Micronaut 4, versions equal or greater than [4.10.24](https://github.com/micronaut-projects/micronaut-core/releases/v4.10.24) >= - For Micronaut 3, versions equal or greater than [3.10.7](https://github.com/micronaut-projects/micronaut-core/releases/v3.10.7) >=
### Workarounds No
### Resources Micronaut 5 Patch: https://github.com/micronaut-projects/micronaut-core/commit/6e88a972718d6e1521c5b3bb7766451798dba4e3 Micronaut 4 Patch: https://github.com/micronaut-projects/micronaut-core/commit/f1dffffec8fb5e3b7e94ae907ce0be3831e499d4 Micronaut 3 Patch: https://github.com/micronaut-projects/micronaut-core/commit/c06a2715ca7f78321bc3ca05f41cca78cd351320
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
0 수정 버전: 3.10.7 # pom.xml: bump <version>3.10.7</version> for io.micronaut:micronaut-http-client 4.0.0-M1 수정 버전: 4.10.24 # pom.xml: bump <version>4.10.24</version> for io.micronaut:micronaut-http-client 5.0.0-M1 수정 버전: 5.0.1 # pom.xml: bump <version>5.0.1</version> for io.micronaut:micronaut-http-client 참고
- https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-387m-935m-c4vw [WEB]
- https://github.com/micronaut-projects/micronaut-core/commit/6e88a972718d6e1521c5b3bb7766451798dba4e3 [WEB]
- https://github.com/micronaut-projects/micronaut-core/commit/c06a2715ca7f78321bc3ca05f41cca78cd351320 [WEB]
- https://github.com/micronaut-projects/micronaut-core/commit/f1dffffec8fb5e3b7e94ae907ce0be3831e499d4 [WEB]
- https://github.com/micronaut-projects/micronaut-core [PACKAGE]