CVE-2023-34054 - Denial of Service (DoS)
Severity: None
2024-02-16
Abstract
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled.
The Oxygen products incorporate Reactor Netty HTTP Server as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Content Fusion v6.0 and older | None | Oxygen Content Fusion 6.0 build 2023122005 |
Detail
CVE-2023-34054
Severity: High
CVSS Score: 7.5
The Reactor Netty HTTP Server third-party library used by Oxygen XML products is an affected version mentioned in the CVE-2023-34054 vulnerability description. However, Oxygen XML products do not use metrics / Micrometer. For that reason, Oxygen XML products are not affected by this vulnerability.